{
  "statistics": {
    "processing": [
      {
        "name": "CAPE",
        "time": 17.974
      },
      {
        "name": "AnalysisInfo",
        "time": 0.063
      },
      {
        "name": "BehaviorAnalysis",
        "time": 0.098
      },
      {
        "name": "Debug",
        "time": 0.002
      },
      {
        "name": "NetworkAnalysis",
        "time": 4.377
      },
      {
        "name": "Suricata",
        "time": 3.857
      },
      {
        "name": "UrlAnalysis",
        "time": 0.0
      },
      {
        "name": "script_log_processing",
        "time": 0.0
      },
      {
        "name": "ProcessMemory",
        "time": 0.0
      }
    ],
    "signatures": [
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "stealth_network",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_blocklist",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_hvcidisallowedimages",
        "time": 0.0
      },
      {
        "name": "disable_hypervisor_protected_code_integrity",
        "time": 0.0
      },
      {
        "name": "pendingfilerenameoperations_Operations",
        "time": 0.0
      },
      {
        "name": "anomalous_deletefile",
        "time": 0.0
      },
      {
        "name": "antiav_360_libs",
        "time": 0.0
      },
      {
        "name": "antiav_ahnlab_libs",
        "time": 0.0
      },
      {
        "name": "antiav_avast_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bitdefender_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bullguard_libs",
        "time": 0.0
      },
      {
        "name": "antiav_emsisoft_libs",
        "time": 0.0
      },
      {
        "name": "antiav_qurb_libs",
        "time": 0.0
      },
      {
        "name": "antiav_servicestop",
        "time": 0.0
      },
      {
        "name": "antiav_apioverride_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_guardpages",
        "time": 0.0
      },
      {
        "name": "antidebug_ntcreatethreadex",
        "time": 0.0
      },
      {
        "name": "antiav_nthookengine_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_outputdebugstring",
        "time": 0.0
      },
      {
        "name": "antidebug_windows",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoocrash",
        "time": 0.0
      },
      {
        "name": "antisandbox_foregroundwindows",
        "time": 0.0
      },
      {
        "name": "mouse_movement_detect",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_script_timer",
        "time": 0.0
      },
      {
        "name": "antisandbox_sleep",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_unhook",
        "time": 0.0
      },
      {
        "name": "antivm_directory_objects",
        "time": 0.0
      },
      {
        "name": "antivm_display",
        "time": 0.0
      },
      {
        "name": "antivm_generic_disk",
        "time": 0.0
      },
      {
        "name": "antivm_generic_system",
        "time": 0.0
      },
      {
        "name": "antivm_checks_available_memory",
        "time": 0.0
      },
      {
        "name": "detect_virtualization_via_recent_files",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_libs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_window",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_events",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_libs",
        "time": 0.0
      },
      {
        "name": "antivm_wmi",
        "time": 0.0
      },
      {
        "name": "api_spamming",
        "time": 0.0
      },
      {
        "name": "api_uuidfromstringa",
        "time": 0.0
      },
      {
        "name": "bcdedit_command",
        "time": 0.0
      },
      {
        "name": "bootkit",
        "time": 0.0
      },
      {
        "name": "direct_hdd_access",
        "time": 0.0
      },
      {
        "name": "physical_drive_access",
        "time": 0.0
      },
      {
        "name": "potential_overwrite_mbr",
        "time": 0.0
      },
      {
        "name": "read_file_raw_disk_access",
        "time": 0.0
      },
      {
        "name": "suspicious_iocontrol_codes",
        "time": 0.0
      },
      {
        "name": "browser_needed",
        "time": 0.0
      },
      {
        "name": "regsvr32_squiblydoo_dll_load",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstp",
        "time": 0.0
      },
      {
        "name": "uac_bypass_eventvwr",
        "time": 0.0
      },
      {
        "name": "uac_bypass_windows_Backup",
        "time": 0.0
      },
      {
        "name": "dotnet_code_compile",
        "time": 0.0
      },
      {
        "name": "queries_computer_name",
        "time": 0.0
      },
      {
        "name": "queries_user_name",
        "time": 0.0
      },
      {
        "name": "creates_largekey",
        "time": 0.0
      },
      {
        "name": "creates_nullvalue",
        "time": 0.0
      },
      {
        "name": "access_windows_passwords_vault",
        "time": 0.0
      },
      {
        "name": "dump_lsa_via_windows_error_reporting",
        "time": 0.0
      },
      {
        "name": "lsass_credential_dumping",
        "time": 0.0
      },
      {
        "name": "critical_process",
        "time": 0.0
      },
      {
        "name": "cryptopool_domains",
        "time": 0.0
      },
      {
        "name": "dead_connect",
        "time": 0.0
      },
      {
        "name": "dead_link",
        "time": 0.0
      },
      {
        "name": "decoy_document",
        "time": 0.0
      },
      {
        "name": "decoy_image",
        "time": 0.0
      },
      {
        "name": "deletes_consolehost_history",
        "time": 0.0
      },
      {
        "name": "deletes_shadow_copies",
        "time": 0.0
      },
      {
        "name": "deletes_system_state_backup",
        "time": 0.0
      },
      {
        "name": "dep_bypass",
        "time": 0.0
      },
      {
        "name": "dep_disable",
        "time": 0.0
      },
      {
        "name": "disables_mappeddrives_autodisconnect",
        "time": 0.0
      },
      {
        "name": "disables_wfp",
        "time": 0.0
      },
      {
        "name": "add_windows_defender_exclusions",
        "time": 0.0
      },
      {
        "name": "mountpoints_volume_discovery",
        "time": 0.0
      },
      {
        "name": "dll_load_uncommon_file_types",
        "time": 0.0
      },
      {
        "name": "document_script_exe_drop",
        "time": 0.0
      },
      {
        "name": "guloader_apis",
        "time": 0.0
      },
      {
        "name": "driver_load",
        "time": 0.0
      },
      {
        "name": "dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypted_ioc",
        "time": 0.0
      },
      {
        "name": "exec_crash",
        "time": 0.0
      },
      {
        "name": "process_creation_suspicious_location",
        "time": 0.0
      },
      {
        "name": "exploit_getbasekerneladdress",
        "time": 0.0
      },
      {
        "name": "exploit_gethaldispatchtable",
        "time": 0.0
      },
      {
        "name": "exploit_heapspray",
        "time": 0.0
      },
      {
        "name": "koadic_apis",
        "time": 0.0
      },
      {
        "name": "koadic_network_activity",
        "time": 0.0
      },
      {
        "name": "downloads_from_filehosting",
        "time": 0.0
      },
      {
        "name": "generic_phish",
        "time": 0.0
      },
      {
        "name": "http_request",
        "time": 0.0
      },
      {
        "name": "infostealer_browser",
        "time": 0.0
      },
      {
        "name": "infostealer_browser_password",
        "time": 0.0
      },
      {
        "name": "infostealer_cookies",
        "time": 0.0
      },
      {
        "name": "cryptbot_network",
        "time": 0.0
      },
      {
        "name": "masslogger_artifacts",
        "time": 0.0
      },
      {
        "name": "purplewave_network_activity",
        "time": 0.0
      },
      {
        "name": "quilclipper_behavior",
        "time": 0.0
      },
      {
        "name": "raccoon_behavior",
        "time": 0.0
      },
      {
        "name": "captures_screenshot",
        "time": 0.0
      },
      {
        "name": "vidar_behavior",
        "time": 0.0
      },
      {
        "name": "injection_createremotethread",
        "time": 0.0
      },
      {
        "name": "creates_suspended_process",
        "time": 0.0
      },
      {
        "name": "injection_explorer",
        "time": 0.0
      },
      {
        "name": "injection_needextension",
        "time": 0.0
      },
      {
        "name": "injection_network_traffic",
        "time": 0.0
      },
      {
        "name": "injection_runpe",
        "time": 0.0
      },
      {
        "name": "injection_rwx",
        "time": 0.0
      },
      {
        "name": "injection_themeinitapihook",
        "time": 0.0
      },
      {
        "name": "resumethread_remote_process",
        "time": 0.0
      },
      {
        "name": "injection_write_exe_process",
        "time": 0.0
      },
      {
        "name": "injection_write_process",
        "time": 0.0
      },
      {
        "name": "internet_dropper",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_named_pipe",
        "time": 0.0
      },
      {
        "name": "ipc_namedpipe",
        "time": 0.0
      },
      {
        "name": "js_phish",
        "time": 0.0
      },
      {
        "name": "js_suspicious_redirect",
        "time": 0.0
      },
      {
        "name": "loader_alien",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_internet_explorer_exporter",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_run_exe_helper_utility",
        "time": 0.0
      },
      {
        "name": "execute_ps_via_syncappvpublishingserver",
        "time": 0.0
      },
      {
        "name": "malicious_dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypt_pcinfo",
        "time": 0.0
      },
      {
        "name": "encrypt_data_agenttesla_http",
        "time": 0.0
      },
      {
        "name": "encrypt_data_agentteslat2_http",
        "time": 0.0
      },
      {
        "name": "encrypt_data_nanocore",
        "time": 0.0
      },
      {
        "name": "reads_memory_remote_process",
        "time": 0.0
      },
      {
        "name": "mimics_filetime",
        "time": 0.0
      },
      {
        "name": "amsi_bypass_via_com_registry",
        "time": 0.0
      },
      {
        "name": "access_auto_logons_via_registry",
        "time": 0.0
      },
      {
        "name": "access_boot_key_via_registry",
        "time": 0.0
      },
      {
        "name": "create_suspicious_lnk_files",
        "time": 0.0
      },
      {
        "name": "credential_access_via_windows_credential_history",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_microsoft_exchange",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_waas_medic_svc_com_typelib",
        "time": 0.0
      },
      {
        "name": "execute_file_downloaded_via_openssh",
        "time": 0.0
      },
      {
        "name": "execute_safe_mode_from_suspicious_process",
        "time": 0.0
      },
      {
        "name": "execute_scripts_via_microsoft_management_console",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_processes_via_windows_mssql_service",
        "time": 0.0
      },
      {
        "name": "execution_from_self_extracting_archive",
        "time": 0.0
      },
      {
        "name": "ip_address_discovery_via_trusted_program",
        "time": 0.0
      },
      {
        "name": "load_dll_via_control_panel",
        "time": 0.0
      },
      {
        "name": "network_connection_via_suspicious_process",
        "time": 0.0
      },
      {
        "name": "potential_location_discovery_via_unusual_process",
        "time": 0.0
      },
      {
        "name": "store_executable_registry",
        "time": 0.0
      },
      {
        "name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
        "time": 0.0
      },
      {
        "name": "suspicious_java_execution_via_win_scripts",
        "time": 0.0
      },
      {
        "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
        "time": 0.0
      },
      {
        "name": "uses_restart_manager_for_suspicious_activities",
        "time": 0.0
      },
      {
        "name": "modify_desktop_wallpaper",
        "time": 0.0
      },
      {
        "name": "modify_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "move_file_on_reboot",
        "time": 0.0
      },
      {
        "name": "multiple_useragents",
        "time": 0.0
      },
      {
        "name": "network_anomaly",
        "time": 0.0
      },
      {
        "name": "network_bind",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_archive",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_free_webhosting",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_generic",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_interactsh",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_opensource",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_pastesite",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_payload",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_serviceinterface",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_socialmedia",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_telegram",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_tempstorage",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_urlshortener",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_useragent",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_exfil",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_generic",
        "time": 0.0
      },
      {
        "name": "network_dns_idn",
        "time": 0.0
      },
      {
        "name": "network_dns_suspicious_querytype",
        "time": 0.0
      },
      {
        "name": "network_dns_tunneling_request",
        "time": 0.0
      },
      {
        "name": "network_document_http",
        "time": 0.0
      },
      {
        "name": "explorer_http",
        "time": 0.0
      },
      {
        "name": "network_fake_useragent",
        "time": 0.0
      },
      {
        "name": "legitimate_domain_abuse",
        "time": 0.0
      },
      {
        "name": "suspicious_communication_trusted_site",
        "time": 0.0
      },
      {
        "name": "network_tor",
        "time": 0.0
      },
      {
        "name": "office_com_load",
        "time": 0.0
      },
      {
        "name": "office_dotnet_load",
        "time": 0.0
      },
      {
        "name": "office_mshtml_load",
        "time": 0.0
      },
      {
        "name": "office_vb_load",
        "time": 0.0
      },
      {
        "name": "office_wmi_load",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882_network",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444_m2",
        "time": 0.0
      },
      {
        "name": "office_flash_load",
        "time": 0.0
      },
      {
        "name": "office_postscript",
        "time": 0.0
      },
      {
        "name": "office_suspicious_processes",
        "time": 0.0
      },
      {
        "name": "office_write_exe",
        "time": 0.0
      },
      {
        "name": "persistence_via_autodial_dll_registry",
        "time": 0.0
      },
      {
        "name": "persistence_autorun",
        "time": 0.0
      },
      {
        "name": "persistence_autorun_tasks",
        "time": 0.0
      },
      {
        "name": "persistence_bootexecute",
        "time": 0.0
      },
      {
        "name": "persistence_registry_script",
        "time": 0.0
      },
      {
        "name": "powershell_network_connection",
        "time": 0.0
      },
      {
        "name": "powershell_download",
        "time": 0.0
      },
      {
        "name": "powershell_request",
        "time": 0.0
      },
      {
        "name": "createtoolhelp32snapshot_module_enumeration",
        "time": 0.0
      },
      {
        "name": "enumerates_running_processes",
        "time": 0.0
      },
      {
        "name": "process_interest",
        "time": 0.0
      },
      {
        "name": "process_needed",
        "time": 0.0
      },
      {
        "name": "mass_data_encryption",
        "time": 0.0
      },
      {
        "name": "ransomware_file_modifications",
        "time": 0.0
      },
      {
        "name": "ransomware_message",
        "time": 0.0
      },
      {
        "name": "nemty_network_activity",
        "time": 0.0
      },
      {
        "name": "nemty_note",
        "time": 0.0
      },
      {
        "name": "sodinokibi_behavior",
        "time": 0.0
      },
      {
        "name": "stop_ransomware_registry",
        "time": 0.0
      },
      {
        "name": "blackrat_apis",
        "time": 0.0
      },
      {
        "name": "blackrat_network_activity",
        "time": 0.0
      },
      {
        "name": "blackrat_registry_keys",
        "time": 0.0
      },
      {
        "name": "dcrat_behavior",
        "time": 0.0
      },
      {
        "name": "karagany_system_event_objects",
        "time": 0.0
      },
      {
        "name": "rat_luminosity",
        "time": 0.0
      },
      {
        "name": "rat_nanocore",
        "time": 0.0
      },
      {
        "name": "netwire_behavior",
        "time": 0.0
      },
      {
        "name": "obliquerat_network_activity",
        "time": 0.0
      },
      {
        "name": "orcusrat_behavior",
        "time": 0.0
      },
      {
        "name": "trochilusrat_apis",
        "time": 0.0
      },
      {
        "name": "reads_self",
        "time": 0.0
      },
      {
        "name": "recon_beacon",
        "time": 0.0
      },
      {
        "name": "recon_programs",
        "time": 0.0
      },
      {
        "name": "recon_systeminfo",
        "time": 0.0
      },
      {
        "name": "accesses_recyclebin",
        "time": 0.0
      },
      {
        "name": "remcos_shell_code_dynamic_wrapper_x",
        "time": 0.0
      },
      {
        "name": "script_created_process",
        "time": 0.0
      },
      {
        "name": "script_network_activity",
        "time": 0.0
      },
      {
        "name": "suspicious_js_script",
        "time": 0.0
      },
      {
        "name": "javascript_timer",
        "time": 0.0
      },
      {
        "name": "secure_login_phishing",
        "time": 0.0
      },
      {
        "name": "securityxploded_modules",
        "time": 0.0
      },
      {
        "name": "get_clipboard_data",
        "time": 0.0
      },
      {
        "name": "sets_autoconfig_url",
        "time": 0.0
      },
      {
        "name": "spoofs_procname",
        "time": 0.0
      },
      {
        "name": "stack_pivot",
        "time": 0.0
      },
      {
        "name": "stack_pivot_file_created",
        "time": 0.0
      },
      {
        "name": "stack_pivot_process_create",
        "time": 0.0
      },
      {
        "name": "set_clipboard_data",
        "time": 0.0
      },
      {
        "name": "stealth_childproc",
        "time": 0.0
      },
      {
        "name": "stealth_file",
        "time": 0.0
      },
      {
        "name": "stealth_system_procname",
        "time": 0.0
      },
      {
        "name": "stealth_timeout",
        "time": 0.0
      },
      {
        "name": "stealth_window",
        "time": 0.0
      },
      {
        "name": "queries_keyboard_layout",
        "time": 0.0
      },
      {
        "name": "queries_locale_api",
        "time": 0.0
      },
      {
        "name": "terminates_remote_process",
        "time": 0.0
      },
      {
        "name": "uiautomationcore_load",
        "time": 0.0
      },
      {
        "name": "user_enum",
        "time": 0.0
      },
      {
        "name": "mmc_dll_script_load",
        "time": 0.0
      },
      {
        "name": "mmc_dotnet_load",
        "time": 0.0
      },
      {
        "name": "virus",
        "time": 0.0
      },
      {
        "name": "neshta_files",
        "time": 0.0
      },
      {
        "name": "neshta_regkeys",
        "time": 0.0
      },
      {
        "name": "webmail_phish",
        "time": 0.0
      },
      {
        "name": "persists_dev_util",
        "time": 0.0
      },
      {
        "name": "spawns_dev_util",
        "time": 0.0
      },
      {
        "name": "alters_windows_utility",
        "time": 0.0
      },
      {
        "name": "overwrites_accessibility_utility",
        "time": 0.0
      },
      {
        "name": "Potential_Lateral_Movement_Via_SMBEXEC",
        "time": 0.0
      },
      {
        "name": "potential_WebShell_Via_ScreenConnectServer",
        "time": 0.0
      },
      {
        "name": "uses_Microsoft_HTML_Help_Executable",
        "time": 0.0
      },
      {
        "name": "wiper_zeroedbytes",
        "time": 0.0
      },
      {
        "name": "wmi_create_process",
        "time": 0.0
      },
      {
        "name": "wmi_script_process",
        "time": 0.0
      },
      {
        "name": "antianalysis_tls_section",
        "time": 0.0
      },
      {
        "name": "antivirus_clamav",
        "time": 0.0
      },
      {
        "name": "antivirus_virustotal",
        "time": 0.0
      },
      {
        "name": "bad_certs",
        "time": 0.0
      },
      {
        "name": "bad_ssl_certs",
        "time": 0.0
      },
      {
        "name": "banker_zeus_p2p",
        "time": 0.0
      },
      {
        "name": "banker_zeus_url",
        "time": 0.001
      },
      {
        "name": "binary_yara",
        "time": 0.0
      },
      {
        "name": "bot_athenahttp",
        "time": 0.0
      },
      {
        "name": "bot_dirtjumper",
        "time": 0.0
      },
      {
        "name": "bot_drive",
        "time": 0.0
      },
      {
        "name": "bot_drive2",
        "time": 0.0
      },
      {
        "name": "bot_madness",
        "time": 0.0
      },
      {
        "name": "phishing_kit_detected",
        "time": 0.0
      },
      {
        "name": "family_proxyback",
        "time": 0.0
      },
      {
        "name": "flare_capa_antianalysis",
        "time": 0.0
      },
      {
        "name": "flare_capa_collection",
        "time": 0.0
      },
      {
        "name": "flare_capa_communication",
        "time": 0.0
      },
      {
        "name": "flare_capa_compiler",
        "time": 0.0
      },
      {
        "name": "flare_capa_datamanipulation",
        "time": 0.0
      },
      {
        "name": "flare_capa_executable",
        "time": 0.0
      },
      {
        "name": "flare_capa_hostinteraction",
        "time": 0.0
      },
      {
        "name": "flare_capa_impact",
        "time": 0.0
      },
      {
        "name": "flare_capa_lib",
        "time": 0.0
      },
      {
        "name": "flare_capa_linking",
        "time": 0.0
      },
      {
        "name": "flare_capa_loadcode",
        "time": 0.0
      },
      {
        "name": "flare_capa_malwarefamily",
        "time": 0.0
      },
      {
        "name": "flare_capa_nursery",
        "time": 0.0
      },
      {
        "name": "flare_capa_persistence",
        "time": 0.0
      },
      {
        "name": "flare_capa_runtime",
        "time": 0.0
      },
      {
        "name": "flare_capa_targeting",
        "time": 0.0
      },
      {
        "name": "threatfox",
        "time": 0.0
      },
      {
        "name": "log4shell",
        "time": 0.0
      },
      {
        "name": "mimics_extension",
        "time": 0.0
      },
      {
        "name": "network_country_distribution",
        "time": 0.0
      },
      {
        "name": "network_cnc_http",
        "time": 0.02
      },
      {
        "name": "network_ip_exe",
        "time": 0.0
      },
      {
        "name": "network_dga",
        "time": 0.0
      },
      {
        "name": "network_dga_fraunhofer",
        "time": 0.0
      },
      {
        "name": "network_dyndns",
        "time": 0.0
      },
      {
        "name": "network_excessive_udp",
        "time": 0.0
      },
      {
        "name": "network_http",
        "time": 0.007
      },
      {
        "name": "network_icmp",
        "time": 0.0
      },
      {
        "name": "network_irc",
        "time": 0.0
      },
      {
        "name": "network_open_proxy",
        "time": 0.0
      },
      {
        "name": "network_questionable_http_path",
        "time": 0.0
      },
      {
        "name": "network_questionable_https_path",
        "time": 0.0
      },
      {
        "name": "network_smtp",
        "time": 0.0
      },
      {
        "name": "network_torgateway",
        "time": 0.0
      },
      {
        "name": "origin_langid",
        "time": 0.0
      },
      {
        "name": "origin_resource_langid",
        "time": 0.0
      },
      {
        "name": "overlay",
        "time": 0.0
      },
      {
        "name": "packer_unknown_pe_section_name",
        "time": 0.0
      },
      {
        "name": "packer_aspack",
        "time": 0.0
      },
      {
        "name": "packer_aspirecrypt",
        "time": 0.0
      },
      {
        "name": "packer_bedsprotector",
        "time": 0.0
      },
      {
        "name": "packer_confuser",
        "time": 0.0
      },
      {
        "name": "packer_enigma",
        "time": 0.0
      },
      {
        "name": "packer_entropy",
        "time": 0.0
      },
      {
        "name": "packer_mpress",
        "time": 0.0
      },
      {
        "name": "packer_nate",
        "time": 0.0
      },
      {
        "name": "packer_nspack",
        "time": 0.0
      },
      {
        "name": "packer_smartassembly",
        "time": 0.0
      },
      {
        "name": "packer_spices",
        "time": 0.0
      },
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "packer_titan",
        "time": 0.0
      },
      {
        "name": "packer_upx",
        "time": 0.0
      },
      {
        "name": "packer_vmprotect",
        "time": 0.0
      },
      {
        "name": "packer_yoda",
        "time": 0.0
      },
      {
        "name": "pdf_annot_urls_checker",
        "time": 0.0
      },
      {
        "name": "polymorphic",
        "time": 0.0
      },
      {
        "name": "punch_plus_plus_pcres",
        "time": 0.0
      },
      {
        "name": "procmem_yara",
        "time": 0.0
      },
      {
        "name": "recon_checkip",
        "time": 0.0
      },
      {
        "name": "static_authenticode",
        "time": 0.0
      },
      {
        "name": "invalid_authenticode_signature",
        "time": 0.0
      },
      {
        "name": "static_dotnet_anomaly",
        "time": 0.0
      },
      {
        "name": "static_java",
        "time": 0.0
      },
      {
        "name": "static_pdf",
        "time": 0.0
      },
      {
        "name": "contains_pe_overlay",
        "time": 0.0
      },
      {
        "name": "static_pe_anomaly",
        "time": 0.0
      },
      {
        "name": "pe_compile_timestomping",
        "time": 0.0
      },
      {
        "name": "static_pe_pdbpath",
        "time": 0.0
      },
      {
        "name": "static_rat_config",
        "time": 0.0
      },
      {
        "name": "static_versioninfo_anomaly",
        "time": 0.0
      },
      {
        "name": "suricata_alert",
        "time": 0.0
      },
      {
        "name": "suspicious_html_body",
        "time": 0.0
      },
      {
        "name": "suspicious_html_name",
        "time": 0.0
      },
      {
        "name": "suspicious_html_title",
        "time": 0.0
      },
      {
        "name": "volatility_devicetree_1",
        "time": 0.0
      },
      {
        "name": "volatility_handles_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_2",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_1",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_2",
        "time": 0.0
      },
      {
        "name": "volatility_modscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_2",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_3",
        "time": 0.0
      },
      {
        "name": "whois_create",
        "time": 0.0
      },
      {
        "name": "accesses_mailslot",
        "time": 0.0
      },
      {
        "name": "accesses_netlogon_regkey",
        "time": 0.0
      },
      {
        "name": "accesses_public_folder",
        "time": 0.0
      },
      {
        "name": "accesses_sysvol",
        "time": 0.0
      },
      {
        "name": "writes_sysvol",
        "time": 0.0
      },
      {
        "name": "adds_admin_user",
        "time": 0.0
      },
      {
        "name": "adds_user",
        "time": 0.0
      },
      {
        "name": "overwrites_admin_password",
        "time": 0.0
      },
      {
        "name": "antianalysis_detectfile",
        "time": 0.002
      },
      {
        "name": "antianalysis_detectreg",
        "time": 0.008
      },
      {
        "name": "modify_attachment_manager",
        "time": 0.0
      },
      {
        "name": "antiav_detectfile",
        "time": 0.004
      },
      {
        "name": "antiav_detectreg",
        "time": 0.039
      },
      {
        "name": "antiav_srp",
        "time": 0.0
      },
      {
        "name": "antiav_whitespace",
        "time": 0.0
      },
      {
        "name": "antidebug_devices",
        "time": 0.001
      },
      {
        "name": "antiemu_windefend",
        "time": 0.0
      },
      {
        "name": "antiemu_wine_reg",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_fortinet_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_joe_anubis_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_mutex",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_threattrack_files",
        "time": 0.0
      },
      {
        "name": "antivm_bochs_keys",
        "time": 0.001
      },
      {
        "name": "antivm_generic_bios",
        "time": 0.0
      },
      {
        "name": "antivm_generic_diskreg",
        "time": 0.002
      },
      {
        "name": "antivm_hyperv_keys",
        "time": 0.001
      },
      {
        "name": "antivm_parallels_keys",
        "time": 0.002
      },
      {
        "name": "antivm_recentdocs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_files",
        "time": 0.002
      },
      {
        "name": "antivm_vbox_keys",
        "time": 0.004
      },
      {
        "name": "antivm_vmware_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_files",
        "time": 0.001
      },
      {
        "name": "antivm_vmware_keys",
        "time": 0.003
      },
      {
        "name": "antivm_vmware_mutexes",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_files",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_keys",
        "time": 0.001
      },
      {
        "name": "antivm_vpc_mutex",
        "time": 0.0
      },
      {
        "name": "antivm_xen_keys",
        "time": 0.002
      },
      {
        "name": "asyncrat_mutex",
        "time": 0.0
      },
      {
        "name": "gulpix_behavior",
        "time": 0.0
      },
      {
        "name": "ketrican_regkeys",
        "time": 0.001
      },
      {
        "name": "okrum_mutexes",
        "time": 0.0
      },
      {
        "name": "banker_cridex",
        "time": 0.0
      },
      {
        "name": "geodo_banking_trojan",
        "time": 0.002
      },
      {
        "name": "banker_spyeye_mutexes",
        "time": 0.0
      },
      {
        "name": "banker_zeus_mutex",
        "time": 0.0
      },
      {
        "name": "bitcoin_opencl",
        "time": 0.0
      },
      {
        "name": "enumerates_physical_drives",
        "time": 0.0
      },
      {
        "name": "bot_russkill",
        "time": 0.0
      },
      {
        "name": "browser_addon",
        "time": 0.0
      },
      {
        "name": "chromium_browser_extension_directory",
        "time": 0.0
      },
      {
        "name": "browser_helper_object",
        "time": 0.0
      },
      {
        "name": "browser_security",
        "time": 0.001
      },
      {
        "name": "browser_startpage",
        "time": 0.0
      },
      {
        "name": "ie_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "odbcconf_bypass",
        "time": 0.0
      },
      {
        "name": "squiblydoo_bypass",
        "time": 0.0
      },
      {
        "name": "squiblytwo_bypass",
        "time": 0.0
      },
      {
        "name": "bypass_chromium_protection",
        "time": 0.0
      },
      {
        "name": "bypass_firewall",
        "time": 0.001
      },
      {
        "name": "checks_uac_status",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstpcom",
        "time": 0.0
      },
      {
        "name": "uac_bypass_delegateexecute_sdclt",
        "time": 0.0
      },
      {
        "name": "uac_bypass_fodhelper",
        "time": 0.0
      },
      {
        "name": "cape_extracted_content",
        "time": 0.0
      },
      {
        "name": "carberp_mutex",
        "time": 0.0
      },
      {
        "name": "clears_logs",
        "time": 0.0
      },
      {
        "name": "cmdline_obfuscation",
        "time": 0.0
      },
      {
        "name": "cmdline_switches",
        "time": 0.0
      },
      {
        "name": "cmdline_terminate",
        "time": 0.0
      },
      {
        "name": "cmdline_forfiles_wildcard",
        "time": 0.0
      },
      {
        "name": "cmdline_http_link",
        "time": 0.0
      },
      {
        "name": "cmdline_long_string",
        "time": 0.0
      },
      {
        "name": "cmdline_reversed_http_link",
        "time": 0.0
      },
      {
        "name": "long_commandline",
        "time": 0.0
      },
      {
        "name": "powershell_renamed_commandline",
        "time": 0.0
      },
      {
        "name": "copies_self",
        "time": 0.0
      },
      {
        "name": "credwiz_credentialaccess",
        "time": 0.0
      },
      {
        "name": "enables_wdigest",
        "time": 0.0
      },
      {
        "name": "vaultcmd_credentialaccess",
        "time": 0.0
      },
      {
        "name": "file_credential_store_access",
        "time": 0.0
      },
      {
        "name": "file_credential_store_write",
        "time": 0.0
      },
      {
        "name": "kerberos_credential_access_via_rubeus",
        "time": 0.0
      },
      {
        "name": "registry_credential_dumping",
        "time": 0.0
      },
      {
        "name": "registry_credential_store_access",
        "time": 0.0
      },
      {
        "name": "registry_lsa_secrets_access",
        "time": 0.0
      },
      {
        "name": "comsvcs_credentialdump",
        "time": 0.0
      },
      {
        "name": "cryptomining_stratum_command",
        "time": 0.0
      },
      {
        "name": "cypherit_mutexes",
        "time": 0.0
      },
      {
        "name": "darkcomet_regkeys",
        "time": 0.001
      },
      {
        "name": "datop_loader",
        "time": 0.0
      },
      {
        "name": "deepfreeze_mutex",
        "time": 0.0
      },
      {
        "name": "deletes_executed_files",
        "time": 0.0
      },
      {
        "name": "disables_app_launch",
        "time": 0.0
      },
      {
        "name": "disables_auto_app_termination",
        "time": 0.0
      },
      {
        "name": "disables_appv_virtualization",
        "time": 0.0
      },
      {
        "name": "disables_backups",
        "time": 0.001
      },
      {
        "name": "disables_browser_warn",
        "time": 0.001
      },
      {
        "name": "disables_context_menus",
        "time": 0.0
      },
      {
        "name": "disables_cpl_disable",
        "time": 0.0
      },
      {
        "name": "disables_crashdumps",
        "time": 0.0
      },
      {
        "name": "disables_event_logging",
        "time": 0.0
      },
      {
        "name": "disables_folder_options",
        "time": 0.0
      },
      {
        "name": "disables_notificationcenter",
        "time": 0.0
      },
      {
        "name": "disables_power_options",
        "time": 0.001
      },
      {
        "name": "disables_restore_default_state",
        "time": 0.0
      },
      {
        "name": "disables_run_command",
        "time": 0.0
      },
      {
        "name": "disables_smartscreen",
        "time": 0.0
      },
      {
        "name": "disables_startmenu_search",
        "time": 0.0
      },
      {
        "name": "disables_system_restore",
        "time": 0.0
      },
      {
        "name": "disables_uac",
        "time": 0.0
      },
      {
        "name": "disables_wer",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender_logging",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_contextmenu",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_updates",
        "time": 0.0
      },
      {
        "name": "windows_defender_powershell",
        "time": 0.0
      },
      {
        "name": "disables_windows_file_protection",
        "time": 0.0
      },
      {
        "name": "disables_windowsupdate",
        "time": 0.0
      },
      {
        "name": "disables_winfirewall",
        "time": 0.0
      },
      {
        "name": "discover_registry_mount_points",
        "time": 0.0
      },
      {
        "name": "adfind_domain_enumeration",
        "time": 0.0
      },
      {
        "name": "domain_enumeration_commands",
        "time": 0.0
      },
      {
        "name": "andromut_mutexes",
        "time": 0.0
      },
      {
        "name": "downloader_cabby",
        "time": 0.0
      },
      {
        "name": "phorpiex_mutexes",
        "time": 0.0
      },
      {
        "name": "protonbot_mutexes",
        "time": 0.0
      },
      {
        "name": "driver_filtermanager",
        "time": 0.0
      },
      {
        "name": "dropper",
        "time": 0.0
      },
      {
        "name": "dll_archive_execution",
        "time": 0.0
      },
      {
        "name": "lnk_archive_execution",
        "time": 0.0
      },
      {
        "name": "script_archive_execution",
        "time": 0.0
      },
      {
        "name": "excel4_macro_urls",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_ntlm_relay",
        "time": 0.0
      },
      {
        "name": "spooler_access",
        "time": 0.0
      },
      {
        "name": "spooler_svc_start",
        "time": 0.0
      },
      {
        "name": "mapped_drives_uac",
        "time": 0.0
      },
      {
        "name": "hides_recycle_bin_icon",
        "time": 0.0
      },
      {
        "name": "apocalypse_stealer_file_behavior",
        "time": 0.0
      },
      {
        "name": "arkei_files",
        "time": 0.0
      },
      {
        "name": "azorult_mutexes",
        "time": 0.001
      },
      {
        "name": "infostealer_bitcoin",
        "time": 0.002
      },
      {
        "name": "cryptbot_files",
        "time": 0.0
      },
      {
        "name": "echelon_files",
        "time": 0.001
      },
      {
        "name": "infostealer_ftp",
        "time": 0.014
      },
      {
        "name": "infostealer_im",
        "time": 0.008
      },
      {
        "name": "infostealer_mail",
        "time": 0.004
      },
      {
        "name": "masslogger_files",
        "time": 0.0
      },
      {
        "name": "poullight_files",
        "time": 0.001
      },
      {
        "name": "purplewave_mutexes",
        "time": 0.0
      },
      {
        "name": "quilclipper_mutexes",
        "time": 0.0
      },
      {
        "name": "qulab_files",
        "time": 0.0
      },
      {
        "name": "qulab_mutexes",
        "time": 0.0
      },
      {
        "name": "asyncrat_mutex",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_ASPNet_Compiler",
        "time": 0.0
      },
      {
        "name": "Evade_Execute_Via_DeviceCredentialDeployment",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Filter_Manager_Control",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_appvlp",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_OpenSSH",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_PesterPSModule",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_ScriptRunner",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_ttdinject",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_VisualStudioLiveShare",
        "time": 0.0
      },
      {
        "name": "Execute_Msiexec_Via_Explorer",
        "time": 0.0
      },
      {
        "name": "execute_remote_msi",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_runscripthelper",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_sqlps",
        "time": 0.0
      },
      {
        "name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
        "time": 0.0
      },
      {
        "name": "Perform_Malicious_Activities_Via_Headless_Browser",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_CertOC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_MSIEXEC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_Odbcconf",
        "time": 0.0
      },
      {
        "name": "Scriptlet_Proxy_Execution_Via_Pubprn",
        "time": 0.0
      },
      {
        "name": "ie_martian_children",
        "time": 0.0
      },
      {
        "name": "office_martian_children",
        "time": 0.0
      },
      {
        "name": "mimics_icon",
        "time": 0.0
      },
      {
        "name": "masquerade_process_name",
        "time": 0.002
      },
      {
        "name": "mimikatz_modules",
        "time": 0.0
      },
      {
        "name": "ms_office_cmd_rce",
        "time": 0.0
      },
      {
        "name": "mount_copy_to_webdav_share",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_legit_utilities",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_qemu",
        "time": 0.0
      },
      {
        "name": "suspicious_execution_via_dotnet_remoting",
        "time": 0.0
      },
      {
        "name": "modify_certs",
        "time": 0.0
      },
      {
        "name": "dotnet_clr_usagelog_regkeys",
        "time": 0.0
      },
      {
        "name": "modify_hostfile",
        "time": 0.0
      },
      {
        "name": "modify_oem_information",
        "time": 0.0
      },
      {
        "name": "modify_security_center_warnings",
        "time": 0.0
      },
      {
        "name": "modify_uac_prompt",
        "time": 0.0
      },
      {
        "name": "network_dns_blockchain",
        "time": 0.0
      },
      {
        "name": "network_dns_opennic",
        "time": 0.0
      },
      {
        "name": "network_dns_paste_site",
        "time": 0.0
      },
      {
        "name": "network_dns_reverse_proxy",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_file_storage",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_dns_url_shortener",
        "time": 0.0
      },
      {
        "name": "network_dns_doh_tls",
        "time": 0.0
      },
      {
        "name": "suspicious_tld",
        "time": 0.0
      },
      {
        "name": "network_tor_service",
        "time": 0.0
      },
      {
        "name": "office_code_page",
        "time": 0.0
      },
      {
        "name": "office_addinloading",
        "time": 0.0
      },
      {
        "name": "office_perfkey",
        "time": 0.0
      },
      {
        "name": "office_macro",
        "time": 0.0
      },
      {
        "name": "changes_trust_center_settings",
        "time": 0.0
      },
      {
        "name": "disables_vba_trust_access",
        "time": 0.0
      },
      {
        "name": "office_macro_autoexecution",
        "time": 0.0
      },
      {
        "name": "office_macro_ioc",
        "time": 0.0
      },
      {
        "name": "office_macro_malicious_prediction",
        "time": 0.0
      },
      {
        "name": "office_macro_suspicious",
        "time": 0.0
      },
      {
        "name": "rtf_aslr_bypass",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_characterset",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_version",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_content",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_office_file",
        "time": 0.0
      },
      {
        "name": "rtf_exploit_static",
        "time": 0.0
      },
      {
        "name": "office_security",
        "time": 0.0
      },
      {
        "name": "accesses_office_username",
        "time": 0.0
      },
      {
        "name": "office_anomalous_feature",
        "time": 0.0
      },
      {
        "name": "office_dde_command",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_mutex",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_regkey",
        "time": 0.0
      },
      {
        "name": "persistence_ads",
        "time": 0.0
      },
      {
        "name": "persistence_safeboot",
        "time": 0.0
      },
      {
        "name": "persistence_ifeo",
        "time": 0.0
      },
      {
        "name": "persistence_silent_process_exit",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_registry",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_shadowing",
        "time": 0.0
      },
      {
        "name": "persistence_service",
        "time": 0.0
      },
      {
        "name": "persistence_shim_database",
        "time": 0.0
      },
      {
        "name": "powerpool_mutexes",
        "time": 0.0
      },
      {
        "name": "powershell_scriptblock_logging",
        "time": 0.0
      },
      {
        "name": "powershell_command_suspicious",
        "time": 0.0
      },
      {
        "name": "powershell_history_save_mod",
        "time": 0.0
      },
      {
        "name": "powershell_renamed",
        "time": 0.0
      },
      {
        "name": "powershell_reversed",
        "time": 0.0
      },
      {
        "name": "powershell_variable_obfuscation",
        "time": 0.0
      },
      {
        "name": "prevents_safeboot",
        "time": 0.0
      },
      {
        "name": "cmdline_process_discovery",
        "time": 0.0
      },
      {
        "name": "cryptomix_mutexes",
        "time": 0.0
      },
      {
        "name": "dharma_mutexes",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_generic",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_known",
        "time": 0.004
      },
      {
        "name": "ransomware_files",
        "time": 0.006
      },
      {
        "name": "fonix_mutexes",
        "time": 0.0
      },
      {
        "name": "gandcrab_mutexes",
        "time": 0.0
      },
      {
        "name": "germanwiper_mutexes",
        "time": 0.0
      },
      {
        "name": "medusalocker_mutexes",
        "time": 0.0
      },
      {
        "name": "medusalocker_regkeys",
        "time": 0.0
      },
      {
        "name": "nemty_mutexes",
        "time": 0.0
      },
      {
        "name": "nemty_regkeys",
        "time": 0.0
      },
      {
        "name": "pysa_mutexes",
        "time": 0.0
      },
      {
        "name": "ransomware_radamant",
        "time": 0.0
      },
      {
        "name": "ransomware_recyclebin",
        "time": 0.0
      },
      {
        "name": "revil_mutexes",
        "time": 0.001
      },
      {
        "name": "ransomware_revil_regkey",
        "time": 0.0
      },
      {
        "name": "satan_mutexes",
        "time": 0.0
      },
      {
        "name": "snake_ransom_mutexes",
        "time": 0.0
      },
      {
        "name": "stop_ransom_mutexes",
        "time": 0.0
      },
      {
        "name": "stop_ransomware_cmd",
        "time": 0.0
      },
      {
        "name": "ransomware_stopdjvu",
        "time": 0.0
      },
      {
        "name": "rat_beebus_mutexes",
        "time": 0.0
      },
      {
        "name": "blacknet_mutexes",
        "time": 0.0
      },
      {
        "name": "blackrat_mutexes",
        "time": 0.0
      },
      {
        "name": "crat_mutexes",
        "time": 0.0
      },
      {
        "name": "dcrat_files",
        "time": 0.0
      },
      {
        "name": "dcrat_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_fynloski_mutexes",
        "time": 0.0
      },
      {
        "name": "limerat_mutexes",
        "time": 0.0
      },
      {
        "name": "limerat_regkeys",
        "time": 0.001
      },
      {
        "name": "lodarat_file_behavior",
        "time": 0.0
      },
      {
        "name": "modirat_behavior",
        "time": 0.0
      },
      {
        "name": "njrat_regkeys",
        "time": 0.0
      },
      {
        "name": "obliquerat_files",
        "time": 0.0
      },
      {
        "name": "obliquerat_mutexes",
        "time": 0.0
      },
      {
        "name": "parallax_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_pcclient",
        "time": 0.0
      },
      {
        "name": "rat_plugx_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_poisonivy_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_quasar_mutexes",
        "time": 0.0
      },
      {
        "name": "ratsnif_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_spynet",
        "time": 0.0
      },
      {
        "name": "venomrat_mutexes",
        "time": 0.0
      },
      {
        "name": "warzonerat_files",
        "time": 0.0
      },
      {
        "name": "warzonerat_regkeys",
        "time": 0.001
      },
      {
        "name": "xpertrat_files",
        "time": 0.0
      },
      {
        "name": "xpertrat_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_xtreme_mutexes",
        "time": 0.0
      },
      {
        "name": "reads_password_database",
        "time": 0.0
      },
      {
        "name": "recon_fingerprint",
        "time": 0.001
      },
      {
        "name": "remcos_files",
        "time": 0.0
      },
      {
        "name": "remcos_mutexes",
        "time": 0.0
      },
      {
        "name": "remcos_regkeys",
        "time": 0.0
      },
      {
        "name": "rdptcp_key",
        "time": 0.0
      },
      {
        "name": "uses_rdp_clip",
        "time": 0.0
      },
      {
        "name": "uses_remote_desktop_session",
        "time": 0.0
      },
      {
        "name": "removes_networking_icon",
        "time": 0.0
      },
      {
        "name": "removes_pinned_programs",
        "time": 0.0
      },
      {
        "name": "removes_security_maintenance_icon",
        "time": 0.0
      },
      {
        "name": "removes_startmenu_defaults",
        "time": 0.0
      },
      {
        "name": "removes_username_startmenu",
        "time": 0.0
      },
      {
        "name": "spicyhotpot_behavior",
        "time": 0.0
      },
      {
        "name": "sniffer_winpcap",
        "time": 0.0
      },
      {
        "name": "spreading_autoruninf",
        "time": 0.0
      },
      {
        "name": "stealth_hidden_extension",
        "time": 0.0
      },
      {
        "name": "stealth_hiddenreg",
        "time": 0.0
      },
      {
        "name": "stealth_hide_notifications",
        "time": 0.0
      },
      {
        "name": "stealth_webhistory",
        "time": 0.0
      },
      {
        "name": "sysinternals_psexec",
        "time": 0.0
      },
      {
        "name": "sysinternals_tools",
        "time": 0.0
      },
      {
        "name": "language_check_registry",
        "time": 0.0
      },
      {
        "name": "tampers_etw",
        "time": 0.0
      },
      {
        "name": "lsa_tampering",
        "time": 0.0
      },
      {
        "name": "tampers_powershell_logging",
        "time": 0.0
      },
      {
        "name": "targeted_flame",
        "time": 0.0
      },
      {
        "name": "territorial_disputes_sigs",
        "time": 0.014
      },
      {
        "name": "trickbot_mutex",
        "time": 0.0
      },
      {
        "name": "fleercivet_mutex",
        "time": 0.0
      },
      {
        "name": "lokibot_mutexes",
        "time": 0.001
      },
      {
        "name": "ursnif_behavior",
        "time": 0.001
      },
      {
        "name": "uses_adfind",
        "time": 0.0
      },
      {
        "name": "uses_ms_protocol",
        "time": 0.0
      },
      {
        "name": "neshta_mutexes",
        "time": 0.0
      },
      {
        "name": "renamer_mutexes",
        "time": 0.0
      },
      {
        "name": "owa_web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_processes",
        "time": 0.0
      },
      {
        "name": "dotnet_csc_build",
        "time": 0.0
      },
      {
        "name": "mavinject_lolbin",
        "time": 0.0
      },
      {
        "name": "multiple_explorer_instances",
        "time": 0.0
      },
      {
        "name": "script_tool_executed",
        "time": 0.0
      },
      {
        "name": "suspicious_certutil_use",
        "time": 0.0
      },
      {
        "name": "suspicious_command_tools",
        "time": 0.003
      },
      {
        "name": "suspicious_mpcmdrun_use",
        "time": 0.0
      },
      {
        "name": "suspicious_ping_use",
        "time": 0.0
      },
      {
        "name": "uses_powershell_copyitem",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities",
        "time": 0.004
      },
      {
        "name": "uses_windows_utilities_appcmd",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_csvde_ldifde",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_cipher",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_clickonce",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_curl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_dsquery",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_esentutl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_finger",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_mode",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_ntdsutil",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_nltest",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_setx",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_xcopy",
        "time": 0.0
      },
      {
        "name": "wmic_command_suspicious",
        "time": 0.0
      },
      {
        "name": "scrcons_wmi_script_consumer",
        "time": 0.0
      },
      {
        "name": "allaple_mutexes",
        "time": 0.0
      }
    ],
    "reporting": [
      {
        "name": "BinGraph",
        "time": 0.0
      }
    ]
  },
  "target": {
    "category": "file",
    "file": {
      "name": "test.txt",
      "path": "/opt/CAPEv2/storage/binaries/9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
      "guest_paths": "",
      "size": 4,
      "crc32": "D87F7E0C",
      "md5": "098f6bcd4621d373cade4e832627b4f6",
      "sha1": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
      "sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
      "sha512": "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff",
      "rh_hash": null,
      "ssdeep": "3:Hn:Hn",
      "type": "ASCII text, with no line terminators",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": null,
      "sha3_384": "e516dabb23b6e30026863543282780a3ae0dccf05551cf0295178d7ff0f1b41eecb9db3ff219007c4e097260d58621bd",
      "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "data": "test",
      "strings": [],
      "virustotal": {
        "names": [
          "UnityAdsTest.txt",
          "~test.test",
          "FAPFD7B.tmp",
          "FAP2E4F.tmp",
          "FAP641D.tmp",
          "TV-WF-b7f6.tmp",
          "mod_id_example.txt",
          "TV-WF-37d7.tmp",
          "TV-WF-38e7.tmp",
          "Neues Textdokument.txt",
          "Manual.txt_1519058821",
          "writable_test.txt",
          "test.txt",
          ".npmignore",
          "KICClassBillPrint-update.txt",
          "TV-WF-96c7.tmp",
          "$77root_test",
          "testfile",
          "test_write.tmp",
          "README.md",
          "sfasfaf.exe",
          "test_a4e501f0.tmp",
          "test_72c7d42f.tmp",
          "write.test",
          "broken_chunk.mp3",
          "TV-WF-531b.tmp",
          "telegram desktop updater.exe",
          "CompanyId.txt",
          "test_write_4ee5bba5-d786-480e-8515-dab9c162fa66.tmp",
          "release-notes.txt",
          "test_permission.txt",
          "test1.txt"
        ],
        "scan_id": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
        "md5": "098f6bcd4621d373cade4e832627b4f6",
        "sha1": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
        "sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
        "tlsh": "TNULL",
        "positives": 0,
        "total": 76,
        "permalink": "https://www.virustotal.com/api/v3/files/9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
        "scans": {},
        "resource": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
        "results": [
          {
            "vendor": "Bkav",
            "sig": null
          },
          {
            "vendor": "Lionic",
            "sig": null
          },
          {
            "vendor": "Cynet",
            "sig": null
          },
          {
            "vendor": "CTX",
            "sig": null
          },
          {
            "vendor": "CAT-QuickHeal",
            "sig": null
          },
          {
            "vendor": "Skyhigh",
            "sig": null
          },
          {
            "vendor": "ALYac",
            "sig": null
          },
          {
            "vendor": "Malwarebytes",
            "sig": null
          },
          {
            "vendor": "VIPRE",
            "sig": null
          },
          {
            "vendor": "Sangfor",
            "sig": null
          },
          {
            "vendor": "K7AntiVirus",
            "sig": null
          },
          {
            "vendor": "K7GW",
            "sig": null
          },
          {
            "vendor": "CrowdStrike",
            "sig": null
          },
          {
            "vendor": "Arcabit",
            "sig": null
          },
          {
            "vendor": "Baidu",
            "sig": null
          },
          {
            "vendor": "VirIT",
            "sig": null
          },
          {
            "vendor": "Symantec",
            "sig": null
          },
          {
            "vendor": "ESET-NOD32",
            "sig": null
          },
          {
            "vendor": "TrendMicro-HouseCall",
            "sig": null
          },
          {
            "vendor": "Avast",
            "sig": null
          },
          {
            "vendor": "ClamAV",
            "sig": null
          },
          {
            "vendor": "Kaspersky",
            "sig": null
          },
          {
            "vendor": "BitDefender",
            "sig": null
          },
          {
            "vendor": "NANO-Antivirus",
            "sig": null
          },
          {
            "vendor": "SUPERAntiSpyware",
            "sig": null
          },
          {
            "vendor": "MicroWorld-eScan",
            "sig": null
          },
          {
            "vendor": "Tencent",
            "sig": null
          },
          {
            "vendor": "Sophos",
            "sig": null
          },
          {
            "vendor": "F-Secure",
            "sig": null
          },
          {
            "vendor": "DrWeb",
            "sig": null
          },
          {
            "vendor": "Zillya",
            "sig": null
          },
          {
            "vendor": "TrendMicro",
            "sig": null
          },
          {
            "vendor": "McAfeeD",
            "sig": null
          },
          {
            "vendor": "CMC",
            "sig": null
          },
          {
            "vendor": "Emsisoft",
            "sig": null
          },
          {
            "vendor": "Ikarus",
            "sig": null
          },
          {
            "vendor": "Jiangmin",
            "sig": null
          },
          {
            "vendor": "Google",
            "sig": null
          },
          {
            "vendor": "Avira",
            "sig": null
          },
          {
            "vendor": "Antiy-AVL",
            "sig": null
          },
          {
            "vendor": "Kingsoft",
            "sig": null
          },
          {
            "vendor": "Gridinsoft",
            "sig": null
          },
          {
            "vendor": "Xcitium",
            "sig": null
          },
          {
            "vendor": "Microsoft",
            "sig": null
          },
          {
            "vendor": "ViRobot",
            "sig": null
          },
          {
            "vendor": "ZoneAlarm",
            "sig": null
          },
          {
            "vendor": "GData",
            "sig": null
          },
          {
            "vendor": "Varist",
            "sig": null
          },
          {
            "vendor": "AhnLab-V3",
            "sig": null
          },
          {
            "vendor": "Acronis",
            "sig": null
          },
          {
            "vendor": "VBA32",
            "sig": null
          },
          {
            "vendor": "TACHYON",
            "sig": null
          },
          {
            "vendor": "Zoner",
            "sig": null
          },
          {
            "vendor": "Rising",
            "sig": null
          },
          {
            "vendor": "Yandex",
            "sig": null
          },
          {
            "vendor": "TrellixENS",
            "sig": null
          },
          {
            "vendor": "huorong",
            "sig": null
          },
          {
            "vendor": "MaxSecure",
            "sig": null
          },
          {
            "vendor": "Fortinet",
            "sig": null
          },
          {
            "vendor": "AVG",
            "sig": null
          },
          {
            "vendor": "Panda",
            "sig": null
          },
          {
            "vendor": "alibabacloud",
            "sig": null
          },
          {
            "vendor": "Avast-Mobile",
            "sig": null
          },
          {
            "vendor": "SymantecMobileInsight",
            "sig": null
          },
          {
            "vendor": "BitDefenderFalx",
            "sig": null
          },
          {
            "vendor": "tehtris",
            "sig": null
          },
          {
            "vendor": "Elastic",
            "sig": null
          },
          {
            "vendor": "Webroot",
            "sig": null
          },
          {
            "vendor": "APEX",
            "sig": null
          },
          {
            "vendor": "Paloalto",
            "sig": null
          },
          {
            "vendor": "Alibaba",
            "sig": null
          },
          {
            "vendor": "Trapmine",
            "sig": null
          },
          {
            "vendor": "Cylance",
            "sig": null
          },
          {
            "vendor": "SentinelOne",
            "sig": null
          },
          {
            "vendor": "Trustlook",
            "sig": null
          },
          {
            "vendor": "DeepInstinct",
            "sig": null
          }
        ],
        "detection": ""
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": ""
    }
  },
  "procdump": [
    {
      "name": "6799c194488183975b7df7126eeda05634e0f7f5b360a9192e973e7d4869f358",
      "path": "/opt/CAPEv2/storage/analyses/5/procdump/6799c194488183975b7df7126eeda05634e0f7f5b360a9192e973e7d4869f358",
      "guest_paths": "1;?C:\\Windows\\SysWOW64\\cmd.exe;?C:\\Windows\\SysWOW64\\cmd.exe;?",
      "size": 346624,
      "crc32": "41262CFC",
      "md5": "8c56af5389b400e2b3ada0700173a6d1",
      "sha1": "184a9e3b03fb3d5798ed1f4c813ec17fd8a928f7",
      "sha256": "6799c194488183975b7df7126eeda05634e0f7f5b360a9192e973e7d4869f358",
      "sha512": "e589e3ea29f013fc3b29761e1a3b78aabbf4665aab47bf930e317ca3792fc5a5cc1632272419bb4d6b6aa6497edd9d69f315253d34cfa32303c5e30f8a241592",
      "rh_hash": null,
      "ssdeep": "6144:Dv9M0uFwgtPvltHY+ujJrLEYdd1ykzECDmtSme:DvnuigtP7h2P9Skn",
      "type": "PE32 executable (console) Intel 80386, for MS Windows",
      "yara": [
        {
          "name": "IsPE32",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsConsole",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "HasDebugData",
          "meta": {
            "author": "_pusher_",
            "description": "DebugData Check",
            "date": "2016-07"
          },
          "strings": [],
          "addresses": {}
        },
        {
          "name": "HasRichSignature",
          "meta": {
            "author": "_pusher_",
            "description": "Rich Signature Check",
            "date": "2016-07"
          },
          "strings": [
            "Rich"
          ],
          "addresses": {
            "a0": 216
          }
        },
        {
          "name": "Visual_Cpp_2005_Release_Microsoft",
          "meta": {},
          "strings": [
            "{ E8 F8 4E 00 00 E9 E1 FD FF FF }",
            "{ E8 CB C9 FF FF E9 FB FD FF FF }",
            "{ E8 D0 05 00 00 E9 D9 FD FF FF }"
          ],
          "addresses": {
            "a": 89888
          }
        },
        {
          "name": "VC8_Microsoft_Corporation",
          "meta": {},
          "strings": [
            "{ E8 F8 4E 00 00 E9 E1 FD FF FF }",
            "{ E8 23 ED FF FF E9 27 FF FF FF }",
            "{ E8 15 78 00 00 E9 99 FE FF FF }",
            "{ E8 0D 11 00 00 E9 5A FF FF FF }",
            "{ E8 84 1D 00 00 E9 62 FE FF FF }",
            "{ E8 A3 12 00 00 E9 27 FF FF FF }",
            "{ E8 19 14 00 00 E9 1D FF FF FF }",
            "{ E8 BA 01 00 00 E9 76 FE FF FF }",
            "{ E8 D4 A8 01 00 E9 53 FF FF FF }",
            "{ E8 03 1E 00 00 E9 64 FF FF FF }",
            "{ E8 A1 21 00 00 E9 52 FF FF FF }",
            "{ E8 6E 3A 00 00 E9 DE FE FF FF }",
            "{ E8 32 A1 FF FF E9 EA FE FF FF }",
            "{ E8 75 00 00 00 E9 5A FE FF FF }",
            "{ E8 00 00 8B FE E9 E8 FA FF FF }",
            "{ E8 63 01 00 00 E9 BD FC FF FF }",
            "{ E8 1E D4 FF FF E9 27 FF FF FF }",
            "{ E8 56 07 00 00 E9 36 FE FF FF }",
            "{ E8 CB C9 FF FF E9 FB FD FF FF }",
            "{ E8 7C A0 FF FF E9 83 FE FF FF }",
            "{ E8 E4 20 00 00 E9 2F FF FF FF }",
            "{ E8 C9 EB FF FF E9 66 FF FF FF }",
            "{ E8 96 B0 FF FF E9 6C FF FF FF }",
            "{ E8 D0 05 00 00 E9 D9 FD FF FF }",
            "{ E8 4E ED FF FF E9 06 F4 FF FF }",
            "{ E8 F9 9F 00 00 E9 E5 03 FF FF }",
            "{ E8 4A C0 FE FF E9 29 00 FF FF }",
            "{ E8 50 F2 FE FF E9 2D 04 FF FF }",
            "{ E8 C5 29 FF FF E9 B9 06 FF FF }",
            "{ E8 90 0D FF FF E9 6B 19 FF FF }",
            "{ E8 38 C3 FE FF E9 2D 1B FF FF }",
            "{ E8 27 C3 FE FF E9 30 1B FF FF }",
            "{ E8 16 C3 FE FF E9 33 1B FF FF }",
            "{ E8 67 C2 FE FF E9 96 1A FF FF }",
            "{ E8 58 A1 00 00 E9 5E 1C FF FF }",
            "{ E8 BB 54 00 00 E9 72 1E FF FF }",
            "{ E8 3F F7 FE FF E9 57 FF FF FF }",
            "{ E8 45 AC 00 00 E9 F2 21 FF FF }",
            "{ E8 19 AC 00 00 E9 69 22 FF FF }",
            "{ E8 7F 99 FE FF E9 D0 2E FF FF }",
            "{ E8 16 42 00 00 E9 BB 30 FF FF }",
            "{ E8 F6 41 00 00 E9 01 31 FF FF }",
            "{ E8 5E 94 00 00 E9 E4 35 FF FF }",
            "{ E8 54 94 00 00 E9 2A 36 FF FF }",
            "{ E8 4A 94 00 00 E9 78 36 FF FF }",
            "{ E8 6F 3C FF FF E9 5D 37 FF FF }",
            "{ E8 DE 91 00 00 E9 6B 3C FF FF }",
            "{ E8 D9 E4 FE FF E9 FE 3C FF FF }",
            "{ E8 68 FB FE FF E9 5C 40 FF FF }",
            "{ E8 61 AD FE FF E9 58 41 FF FF }",
            "{ E8 D2 FE FE FF E9 98 40 FF FF }",
            "{ E8 A0 F4 FE FF E9 B7 42 FF FF }",
            "{ E8 A4 A0 FE FF E9 41 44 FF FF }",
            "{ E8 F1 42 FF FF E9 FE 3B FF FF }",
            "{ E8 75 18 FF FF E9 66 3F FF FF }",
            "{ E8 9A 95 FE FF E9 8E 40 FF FF }",
            "{ E8 06 E7 FE FF E9 23 41 FF FF }",
            "{ E8 36 14 FF FF E9 7C FF FF FF }",
            "{ E8 F8 42 FF FF E9 EA 42 FF FF }",
            "{ E8 41 41 FF FF E9 95 41 FF FF }",
            "{ E8 E9 D8 FE FF E9 43 42 FF FF }",
            "{ E8 63 41 00 00 E9 A7 44 FF FF }",
            "{ E8 E3 0F 00 00 E9 65 FF FF FF }",
            "{ E8 EC AD FE FF E9 AE FC FF FF }"
          ],
          "addresses": {
            "a": 145839
          }
        },
        {
          "name": "Microsoft_Visual_Cpp_8",
          "meta": {},
          "strings": [
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000@\u0000\u0000B\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 D8 1E 17 00 02 00 00 00 E0 1E 17 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 80 0D 77 04 10 15 77 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 80 0D 77 04 10 15 77 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 80 0D 77 04 10 15 77 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u00004\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 02 00 10 A0 02 00 00 B0 02 9F FC AF 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004A\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004A\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004A\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004A\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004A\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004A\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004A\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004A\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004A\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u00041\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u00041\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u00041\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u00041\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u00041\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u00041\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u00041\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u00041\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000'\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000'\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000'\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000'\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000'\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000'\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000'\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000'\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u0004@\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u0004@\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u0004@\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u0004@\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u0004@\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u0004@\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u0004@\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000!\u0004@\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0004B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004=\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004=\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004=\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004=\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004=\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004=\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004=\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0004=\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1F 04 3D 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1F 04 3D 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 1F 04 3D 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 }",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\n\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\n\u0000\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 7C 18 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D4 72 18 00 00 }",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000w\u0000\u0000",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000w\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0007\u0000w\u0000\u0000",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }",
            "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0000",
            "{ E8 F8 4E 00 00 E9 E1 FD FF FF }",
            "{ E8 15 78 00 00 E9 99 FE FF FF }",
            "{ E8 0D 11 00 00 E9 5A FF FF FF }",
            "{ E8 84 1D 00 00 E9 62 FE FF FF }",
            "{ E8 A3 12 00 00 E9 27 FF FF FF }",
            "{ E8 19 14 00 00 E9 1D FF FF FF }",
            "{ E8 BA 01 00 00 E9 76 FE FF FF }",
            "{ E8 03 1E 00 00 E9 64 FF FF FF }",
            "{ E8 A1 21 00 00 E9 52 FF FF FF }",
            "{ E8 6E 3A 00 00 E9 DE FE FF FF }",
            "{ E8 75 00 00 00 E9 5A FE FF FF }",
            "{ E8 63 01 00 00 E9 BD FC FF FF }",
            "{ E8 56 07 00 00 E9 36 FE FF FF }",
            "{ E8 E4 20 00 00 E9 2F FF FF FF }",
            "{ E8 D0 05 00 00 E9 D9 FD FF FF }",
            "{ E8 F9 9F 00 00 E9 E5 03 FF FF }",
            "{ E8 58 A1 00 00 E9 5E 1C FF FF }",
            "{ E8 BB 54 00 00 E9 72 1E FF FF }",
            "{ E8 45 AC 00 00 E9 F2 21 FF FF }",
            "{ E8 19 AC 00 00 E9 69 22 FF FF }",
            "{ E8 16 42 00 00 E9 BB 30 FF FF }",
            "{ E8 F6 41 00 00 E9 01 31 FF FF }",
            "{ E8 5E 94 00 00 E9 E4 35 FF FF }",
            "{ E8 54 94 00 00 E9 2A 36 FF FF }",
            "{ E8 4A 94 00 00 E9 78 36 FF FF }",
            "{ E8 DE 91 00 00 E9 6B 3C FF FF }",
            "{ E8 63 41 00 00 E9 A7 44 FF FF }",
            "{ E8 E3 0F 00 00 E9 65 FF FF FF }"
          ],
          "addresses": {
            "a": 336818,
            "b": 137452
          }
        }
      ],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T1EB746D51674894F1CAE22130167AFB378D7DBC318B5196C3B7E0DD9B79A02C0B53A72A",
      "sha3_384": "257d63efdde87a72e25ac569fb14341242da9a96365342bd4d8af199cd2df4f9cf277117d3eeb641e1b98397a0d8e9f1",
      "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "This file format cannot be verified because it is not recognized.",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x00170000",
        "entrypoint": "0x00016b20",
        "ep_bytes": "e8d0050000e9d9fdffffcccccccccccc",
        "peid_signatures": null,
        "reported_checksum": "0x00046aec",
        "actual_checksum": "0x000621ec",
        "osversion": "10.0",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": "cmd.pdb",
        "imports": {
          "msvcrt": {
            "dll": "msvcrt.dll",
            "imports": [
              {
                "address": "0x1ba314",
                "name": "__dllonexit"
              },
              {
                "address": "0x1ba318",
                "name": "_unlock"
              },
              {
                "address": "0x1ba31c",
                "name": "_lock"
              },
              {
                "address": "0x1ba320",
                "name": "_initterm"
              },
              {
                "address": "0x1ba324",
                "name": "wcsspn"
              },
              {
                "address": "0x1ba328",
                "name": "_tell"
              },
              {
                "address": "0x1ba32c",
                "name": "_except_handler4_common"
              },
              {
                "address": "0x1ba330",
                "name": "__setusermatherr"
              },
              {
                "address": "0x1ba334",
                "name": "__p__fmode"
              },
              {
                "address": "0x1ba338",
                "name": "_cexit"
              },
              {
                "address": "0x1ba33c",
                "name": "_exit"
              },
              {
                "address": "0x1ba340",
                "name": "__set_app_type"
              },
              {
                "address": "0x1ba344",
                "name": "__getmainargs"
              },
              {
                "address": "0x1ba348",
                "name": "_amsg_exit"
              },
              {
                "address": "0x1ba34c",
                "name": "__p__commode"
              },
              {
                "address": "0x1ba350",
                "name": "_XcptFilter"
              },
              {
                "address": "0x1ba354",
                "name": "calloc"
              },
              {
                "address": "0x1ba358",
                "name": "free"
              },
              {
                "address": "0x1ba35c",
                "name": "_purecall"
              },
              {
                "address": "0x1ba360",
                "name": "__CxxFrameHandler3"
              },
              {
                "address": "0x1ba364",
                "name": "?terminate@@YAXXZ"
              },
              {
                "address": "0x1ba368",
                "name": "_wcslwr"
              },
              {
                "address": "0x1ba36c",
                "name": "_controlfp"
              },
              {
                "address": "0x1ba370",
                "name": "_dup2"
              },
              {
                "address": "0x1ba374",
                "name": "memcmp"
              },
              {
                "address": "0x1ba378",
                "name": "_local_unwind4"
              },
              {
                "address": "0x1ba37c",
                "name": "_dup"
              },
              {
                "address": "0x1ba380",
                "name": "??1type_info@@UAE@XZ"
              },
              {
                "address": "0x1ba384",
                "name": "_close"
              },
              {
                "address": "0x1ba388",
                "name": "_open_osfhandle"
              },
              {
                "address": "0x1ba38c",
                "name": "swscanf"
              },
              {
                "address": "0x1ba390",
                "name": "_ultoa"
              },
              {
                "address": "0x1ba394",
                "name": "_pipe"
              },
              {
                "address": "0x1ba398",
                "name": "memmove"
              },
              {
                "address": "0x1ba39c",
                "name": "wcsncmp"
              },
              {
                "address": "0x1ba3a0",
                "name": "_setmode"
              },
              {
                "address": "0x1ba3a4",
                "name": "exit"
              },
              {
                "address": "0x1ba3a8",
                "name": "_getch"
              },
              {
                "address": "0x1ba3ac",
                "name": "iswspace"
              },
              {
                "address": "0x1ba3b0",
                "name": "wcschr"
              },
              {
                "address": "0x1ba3b4",
                "name": "iswxdigit"
              },
              {
                "address": "0x1ba3b8",
                "name": "_setjmp3"
              },
              {
                "address": "0x1ba3bc",
                "name": "time"
              },
              {
                "address": "0x1ba3c0",
                "name": "srand"
              },
              {
                "address": "0x1ba3c4",
                "name": "_wtol"
              },
              {
                "address": "0x1ba3c8",
                "name": "fflush"
              },
              {
                "address": "0x1ba3cc",
                "name": "wcsstr"
              },
              {
                "address": "0x1ba3d0",
                "name": "iswalpha"
              },
              {
                "address": "0x1ba3d4",
                "name": "wcstoul"
              },
              {
                "address": "0x1ba3d8",
                "name": "??3@YAXPAX@Z"
              },
              {
                "address": "0x1ba3dc",
                "name": "_errno"
              },
              {
                "address": "0x1ba3e0",
                "name": "??_V@YAXPAX@Z"
              },
              {
                "address": "0x1ba3e4",
                "name": "printf"
              },
              {
                "address": "0x1ba3e8",
                "name": "memcpy_s"
              },
              {
                "address": "0x1ba3ec",
                "name": "_onexit"
              },
              {
                "address": "0x1ba3f0",
                "name": "fgets"
              },
              {
                "address": "0x1ba3f4",
                "name": "qsort"
              },
              {
                "address": "0x1ba3f8",
                "name": "rand"
              },
              {
                "address": "0x1ba3fc",
                "name": "_pclose"
              },
              {
                "address": "0x1ba400",
                "name": "fprintf"
              },
              {
                "address": "0x1ba404",
                "name": "wcsrchr"
              },
              {
                "address": "0x1ba408",
                "name": "ferror"
              },
              {
                "address": "0x1ba40c",
                "name": "realloc"
              },
              {
                "address": "0x1ba410",
                "name": "towlower"
              },
              {
                "address": "0x1ba414",
                "name": "setlocale"
              },
              {
                "address": "0x1ba418",
                "name": "towupper"
              },
              {
                "address": "0x1ba41c",
                "name": "_wcsupr"
              },
              {
                "address": "0x1ba420",
                "name": "feof"
              },
              {
                "address": "0x1ba424",
                "name": "_wpopen"
              },
              {
                "address": "0x1ba428",
                "name": "_wcsnicmp"
              },
              {
                "address": "0x1ba42c",
                "name": "_get_osfhandle"
              },
              {
                "address": "0x1ba430",
                "name": "longjmp"
              },
              {
                "address": "0x1ba434",
                "name": "iswdigit"
              },
              {
                "address": "0x1ba438",
                "name": "wcstol"
              },
              {
                "address": "0x1ba43c",
                "name": "_vsnwprintf"
              },
              {
                "address": "0x1ba440",
                "name": "_wcsicmp"
              },
              {
                "address": "0x1ba444",
                "name": "__iob_func"
              },
              {
                "address": "0x1ba448",
                "name": "malloc"
              },
              {
                "address": "0x1ba44c",
                "name": "_callnewh"
              },
              {
                "address": "0x1ba450",
                "name": "??0exception@@QAE@ABQBD@Z"
              },
              {
                "address": "0x1ba454",
                "name": "??0exception@@QAE@ABQBDH@Z"
              },
              {
                "address": "0x1ba458",
                "name": "??0exception@@QAE@ABV0@@Z"
              },
              {
                "address": "0x1ba45c",
                "name": "??1exception@@UAE@XZ"
              },
              {
                "address": "0x1ba460",
                "name": "?what@exception@@UBEPBDXZ"
              },
              {
                "address": "0x1ba464",
                "name": "_CxxThrowException"
              },
              {
                "address": "0x1ba468",
                "name": "memcpy"
              },
              {
                "address": "0x1ba46c",
                "name": "memset"
              }
            ]
          },
          "ntdll": {
            "dll": "ntdll.dll",
            "imports": [
              {
                "address": "0x1ba474",
                "name": "NtOpenProcessToken"
              },
              {
                "address": "0x1ba478",
                "name": "NtQueryInformationToken"
              },
              {
                "address": "0x1ba47c",
                "name": "NtClose"
              },
              {
                "address": "0x1ba480",
                "name": "NtOpenThreadToken"
              },
              {
                "address": "0x1ba484",
                "name": "NtFsControlFile"
              },
              {
                "address": "0x1ba488",
                "name": "RtlDosPathNameToNtPathName_U"
              },
              {
                "address": "0x1ba48c",
                "name": "RtlFindLeastSignificantBit"
              },
              {
                "address": "0x1ba490",
                "name": "RtlFreeHeap"
              },
              {
                "address": "0x1ba494",
                "name": "RtlReleaseRelativeName"
              },
              {
                "address": "0x1ba498",
                "name": "NtOpenFile"
              },
              {
                "address": "0x1ba49c",
                "name": "RtlDosPathNameToRelativeNtPathName_U_WithStatus"
              },
              {
                "address": "0x1ba4a0",
                "name": "NtSetInformationFile"
              },
              {
                "address": "0x1ba4a4",
                "name": "NtQueryVolumeInformationFile"
              },
              {
                "address": "0x1ba4a8",
                "name": "NtSetInformationProcess"
              },
              {
                "address": "0x1ba4ac",
                "name": "NtQueryInformationProcess"
              },
              {
                "address": "0x1ba4b0",
                "name": "RtlNtStatusToDosError"
              },
              {
                "address": "0x1ba4b4",
                "name": "NtCancelSynchronousIoFile"
              },
              {
                "address": "0x1ba4b8",
                "name": "RtlCreateUnicodeStringFromAsciiz"
              },
              {
                "address": "0x1ba4bc",
                "name": "RtlFreeUnicodeString"
              }
            ]
          },
          "api-ms-win-core-kernel32-legacy-l1-1-0": {
            "dll": "api-ms-win-core-kernel32-legacy-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba15c",
                "name": "GetConsoleWindow"
              },
              {
                "address": "0x1ba160",
                "name": "CopyFileW"
              }
            ]
          },
          "api-ms-win-core-libraryloader-l1-2-0": {
            "dll": "api-ms-win-core-libraryloader-l1-2-0.dll",
            "imports": [
              {
                "address": "0x1ba168",
                "name": "GetProcAddress"
              },
              {
                "address": "0x1ba16c",
                "name": "GetModuleFileNameA"
              },
              {
                "address": "0x1ba170",
                "name": "LoadLibraryExW"
              },
              {
                "address": "0x1ba174",
                "name": "GetModuleHandleW"
              },
              {
                "address": "0x1ba178",
                "name": "GetModuleHandleExW"
              },
              {
                "address": "0x1ba17c",
                "name": "GetModuleFileNameW"
              }
            ]
          },
          "api-ms-win-core-synch-l1-1-0": {
            "dll": "api-ms-win-core-synch-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba27c",
                "name": "WaitForSingleObject"
              },
              {
                "address": "0x1ba280",
                "name": "TryAcquireSRWLockExclusive"
              },
              {
                "address": "0x1ba284",
                "name": "CreateSemaphoreExW"
              },
              {
                "address": "0x1ba288",
                "name": "CreateMutexExW"
              },
              {
                "address": "0x1ba28c",
                "name": "OpenSemaphoreW"
              },
              {
                "address": "0x1ba290",
                "name": "AcquireSRWLockShared"
              },
              {
                "address": "0x1ba294",
                "name": "ReleaseSRWLockShared"
              },
              {
                "address": "0x1ba298",
                "name": "InitializeCriticalSection"
              },
              {
                "address": "0x1ba29c",
                "name": "EnterCriticalSection"
              },
              {
                "address": "0x1ba2a0",
                "name": "ReleaseSemaphore"
              },
              {
                "address": "0x1ba2a4",
                "name": "ReleaseSRWLockExclusive"
              },
              {
                "address": "0x1ba2a8",
                "name": "LeaveCriticalSection"
              },
              {
                "address": "0x1ba2ac",
                "name": "ReleaseMutex"
              },
              {
                "address": "0x1ba2b0",
                "name": "WaitForSingleObjectEx"
              }
            ]
          },
          "api-ms-win-core-heap-l1-1-0": {
            "dll": "api-ms-win-core-heap-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba128",
                "name": "HeapAlloc"
              },
              {
                "address": "0x1ba12c",
                "name": "HeapSetInformation"
              },
              {
                "address": "0x1ba130",
                "name": "HeapReAlloc"
              },
              {
                "address": "0x1ba134",
                "name": "GetProcessHeap"
              },
              {
                "address": "0x1ba138",
                "name": "HeapSize"
              },
              {
                "address": "0x1ba13c",
                "name": "HeapFree"
              }
            ]
          },
          "api-ms-win-core-errorhandling-l1-1-0": {
            "dll": "api-ms-win-core-errorhandling-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba07c",
                "name": "SetLastError"
              },
              {
                "address": "0x1ba080",
                "name": "GetLastError"
              },
              {
                "address": "0x1ba084",
                "name": "SetErrorMode"
              },
              {
                "address": "0x1ba088",
                "name": "UnhandledExceptionFilter"
              },
              {
                "address": "0x1ba08c",
                "name": "SetUnhandledExceptionFilter"
              }
            ]
          },
          "api-ms-win-core-processthreads-l1-1-0": {
            "dll": "api-ms-win-core-processthreads-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba1f0",
                "name": "GetStartupInfoW"
              },
              {
                "address": "0x1ba1f4",
                "name": "GetCurrentThreadId"
              },
              {
                "address": "0x1ba1f8",
                "name": "CreateProcessW"
              },
              {
                "address": "0x1ba1fc",
                "name": "CreateProcessAsUserW"
              },
              {
                "address": "0x1ba200",
                "name": "UpdateProcThreadAttribute"
              },
              {
                "address": "0x1ba204",
                "name": "InitializeProcThreadAttributeList"
              },
              {
                "address": "0x1ba208",
                "name": "GetExitCodeProcess"
              },
              {
                "address": "0x1ba20c",
                "name": "TerminateProcess"
              },
              {
                "address": "0x1ba210",
                "name": "GetCurrentProcessId"
              },
              {
                "address": "0x1ba214",
                "name": "GetCurrentProcess"
              },
              {
                "address": "0x1ba218",
                "name": "DeleteProcThreadAttributeList"
              },
              {
                "address": "0x1ba21c",
                "name": "OpenThread"
              },
              {
                "address": "0x1ba220",
                "name": "ResumeThread"
              }
            ]
          },
          "api-ms-win-core-localization-l1-2-0": {
            "dll": "api-ms-win-core-localization-l1-2-0.dll",
            "imports": [
              {
                "address": "0x1ba184",
                "name": "GetLocaleInfoW"
              },
              {
                "address": "0x1ba188",
                "name": "FormatMessageW"
              },
              {
                "address": "0x1ba18c",
                "name": "SetThreadLocale"
              },
              {
                "address": "0x1ba190",
                "name": "GetACP"
              },
              {
                "address": "0x1ba194",
                "name": "GetThreadLocale"
              },
              {
                "address": "0x1ba198",
                "name": "GetUserDefaultLCID"
              },
              {
                "address": "0x1ba19c",
                "name": "GetCPInfo"
              }
            ]
          },
          "api-ms-win-core-debug-l1-1-0": {
            "dll": "api-ms-win-core-debug-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba05c",
                "name": "OutputDebugStringW"
              },
              {
                "address": "0x1ba060",
                "name": "IsDebuggerPresent"
              },
              {
                "address": "0x1ba064",
                "name": "DebugBreak"
              }
            ]
          },
          "api-ms-win-core-handle-l1-1-0": {
            "dll": "api-ms-win-core-handle-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba11c",
                "name": "CloseHandle"
              },
              {
                "address": "0x1ba120",
                "name": "DuplicateHandle"
              }
            ]
          },
          "api-ms-win-core-memory-l1-1-0": {
            "dll": "api-ms-win-core-memory-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba1a4",
                "name": "VirtualFree"
              },
              {
                "address": "0x1ba1a8",
                "name": "VirtualAlloc"
              },
              {
                "address": "0x1ba1ac",
                "name": "VirtualQuery"
              },
              {
                "address": "0x1ba1b0",
                "name": "ReadProcessMemory"
              }
            ]
          },
          "api-ms-win-core-console-l1-1-0": {
            "dll": "api-ms-win-core-console-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba008",
                "name": "ReadConsoleW"
              },
              {
                "address": "0x1ba00c",
                "name": "WriteConsoleW"
              },
              {
                "address": "0x1ba010",
                "name": "GetConsoleMode"
              },
              {
                "address": "0x1ba014",
                "name": "SetConsoleMode"
              },
              {
                "address": "0x1ba018",
                "name": "SetConsoleCtrlHandler"
              },
              {
                "address": "0x1ba01c",
                "name": "GetConsoleOutputCP"
              }
            ]
          },
          "api-ms-win-core-file-l1-1-0": {
            "dll": "api-ms-win-core-file-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba094",
                "name": "ReadFile"
              },
              {
                "address": "0x1ba098",
                "name": "GetFileAttributesW"
              },
              {
                "address": "0x1ba09c",
                "name": "GetFileSize"
              },
              {
                "address": "0x1ba0a0",
                "name": "SetFilePointer"
              },
              {
                "address": "0x1ba0a4",
                "name": "GetFullPathNameW"
              },
              {
                "address": "0x1ba0a8",
                "name": "GetVolumePathNameW"
              },
              {
                "address": "0x1ba0ac",
                "name": "CreateFileW"
              },
              {
                "address": "0x1ba0b0",
                "name": "WriteFile"
              },
              {
                "address": "0x1ba0b4",
                "name": "SetFilePointerEx"
              },
              {
                "address": "0x1ba0b8",
                "name": "FindFirstFileExW"
              },
              {
                "address": "0x1ba0bc",
                "name": "GetDiskFreeSpaceExW"
              },
              {
                "address": "0x1ba0c0",
                "name": "FileTimeToLocalFileTime"
              },
              {
                "address": "0x1ba0c4",
                "name": "CompareFileTime"
              },
              {
                "address": "0x1ba0c8",
                "name": "RemoveDirectoryW"
              },
              {
                "address": "0x1ba0cc",
                "name": "FindFirstFileW"
              },
              {
                "address": "0x1ba0d0",
                "name": "GetFileType"
              },
              {
                "address": "0x1ba0d4",
                "name": "FindNextFileW"
              },
              {
                "address": "0x1ba0d8",
                "name": "FindClose"
              },
              {
                "address": "0x1ba0dc",
                "name": "GetVolumeInformationW"
              },
              {
                "address": "0x1ba0e0",
                "name": "SetFileTime"
              },
              {
                "address": "0x1ba0e4",
                "name": "DeleteFileW"
              },
              {
                "address": "0x1ba0e8",
                "name": "SetEndOfFile"
              },
              {
                "address": "0x1ba0ec",
                "name": "SetFileAttributesW"
              },
              {
                "address": "0x1ba0f0",
                "name": "CreateDirectoryW"
              },
              {
                "address": "0x1ba0f4",
                "name": "GetDriveTypeW"
              },
              {
                "address": "0x1ba0f8",
                "name": "FlushFileBuffers"
              },
              {
                "address": "0x1ba0fc",
                "name": "GetFileAttributesExW"
              }
            ]
          },
          "api-ms-win-core-string-l1-1-0": {
            "dll": "api-ms-win-core-string-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba264",
                "name": "WideCharToMultiByte"
              },
              {
                "address": "0x1ba268",
                "name": "MultiByteToWideChar"
              }
            ]
          },
          "api-ms-win-core-processenvironment-l1-1-0": {
            "dll": "api-ms-win-core-processenvironment-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba1b8",
                "name": "SetEnvironmentStringsW"
              },
              {
                "address": "0x1ba1bc",
                "name": "GetStdHandle"
              },
              {
                "address": "0x1ba1c0",
                "name": "SetEnvironmentVariableW"
              },
              {
                "address": "0x1ba1c4",
                "name": "GetCurrentDirectoryW"
              },
              {
                "address": "0x1ba1c8",
                "name": "FreeEnvironmentStringsW"
              },
              {
                "address": "0x1ba1cc",
                "name": "ExpandEnvironmentStringsW"
              },
              {
                "address": "0x1ba1d0",
                "name": "GetEnvironmentVariableW"
              },
              {
                "address": "0x1ba1d4",
                "name": "GetEnvironmentStringsW"
              },
              {
                "address": "0x1ba1d8",
                "name": "SetCurrentDirectoryW"
              },
              {
                "address": "0x1ba1dc",
                "name": "SearchPathW"
              },
              {
                "address": "0x1ba1e0",
                "name": "GetCommandLineW"
              }
            ]
          },
          "api-ms-win-core-console-l2-1-0": {
            "dll": "api-ms-win-core-console-l2-1-0.dll",
            "imports": [
              {
                "address": "0x1ba024",
                "name": "SetConsoleTextAttribute"
              },
              {
                "address": "0x1ba028",
                "name": "GetConsoleScreenBufferInfo"
              },
              {
                "address": "0x1ba02c",
                "name": "FillConsoleOutputAttribute"
              },
              {
                "address": "0x1ba030",
                "name": "FlushConsoleInputBuffer"
              },
              {
                "address": "0x1ba034",
                "name": "FillConsoleOutputCharacterW"
              },
              {
                "address": "0x1ba038",
                "name": "SetConsoleCursorPosition"
              },
              {
                "address": "0x1ba03c",
                "name": "ScrollConsoleScreenBufferW"
              }
            ]
          },
          "api-ms-win-security-base-l1-1-0": {
            "dll": "api-ms-win-security-base-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba304",
                "name": "RevertToSelf"
              },
              {
                "address": "0x1ba308",
                "name": "GetSecurityDescriptorOwner"
              },
              {
                "address": "0x1ba30c",
                "name": "GetFileSecurityW"
              }
            ]
          },
          "api-ms-win-core-sysinfo-l1-1-0": {
            "dll": "api-ms-win-core-sysinfo-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba2c0",
                "name": "GetSystemTimeAsFileTime"
              },
              {
                "address": "0x1ba2c4",
                "name": "GetSystemTime"
              },
              {
                "address": "0x1ba2c8",
                "name": "GetTickCount"
              },
              {
                "address": "0x1ba2cc",
                "name": "SetLocalTime"
              },
              {
                "address": "0x1ba2d0",
                "name": "GetLocalTime"
              },
              {
                "address": "0x1ba2d4",
                "name": "GetVersion"
              },
              {
                "address": "0x1ba2d8",
                "name": "GetWindowsDirectoryW"
              }
            ]
          },
          "api-ms-win-core-timezone-l1-1-0": {
            "dll": "api-ms-win-core-timezone-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba2ec",
                "name": "FileTimeToSystemTime"
              },
              {
                "address": "0x1ba2f0",
                "name": "SystemTimeToFileTime"
              }
            ]
          },
          "api-ms-win-core-datetime-l1-1-0": {
            "dll": "api-ms-win-core-datetime-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba050",
                "name": "GetTimeFormatW"
              },
              {
                "address": "0x1ba054",
                "name": "GetDateFormatW"
              }
            ]
          },
          "api-ms-win-core-systemtopology-l1-1-0": {
            "dll": "api-ms-win-core-systemtopology-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba2e0",
                "name": "GetNumaHighestNodeNumber"
              },
              {
                "address": "0x1ba2e4",
                "name": "GetNumaNodeProcessorMaskEx"
              }
            ]
          },
          "api-ms-win-core-console-l2-2-0": {
            "dll": "api-ms-win-core-console-l2-2-0.dll",
            "imports": [
              {
                "address": "0x1ba044",
                "name": "SetConsoleTitleW"
              },
              {
                "address": "0x1ba048",
                "name": "GetConsoleTitleW"
              }
            ]
          },
          "api-ms-win-core-processenvironment-l1-2-0": {
            "dll": "api-ms-win-core-processenvironment-l1-2-0.dll",
            "imports": [
              {
                "address": "0x1ba1e8",
                "name": "NeedCurrentDirectoryForExePathW"
              }
            ]
          },
          "api-ms-win-core-registry-l1-1-0": {
            "dll": "api-ms-win-core-registry-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba240",
                "name": "RegSetValueExW"
              },
              {
                "address": "0x1ba244",
                "name": "RegCreateKeyExW"
              },
              {
                "address": "0x1ba248",
                "name": "RegOpenKeyExW"
              },
              {
                "address": "0x1ba24c",
                "name": "RegQueryValueExW"
              },
              {
                "address": "0x1ba250",
                "name": "RegCloseKey"
              },
              {
                "address": "0x1ba254",
                "name": "RegDeleteValueW"
              },
              {
                "address": "0x1ba258",
                "name": "RegDeleteKeyExW"
              },
              {
                "address": "0x1ba25c",
                "name": "RegEnumKeyExW"
              }
            ]
          },
          "api-ms-win-core-file-l2-1-0": {
            "dll": "api-ms-win-core-file-l2-1-0.dll",
            "imports": [
              {
                "address": "0x1ba104",
                "name": "CreateSymbolicLinkW"
              },
              {
                "address": "0x1ba108",
                "name": "GetFileInformationByHandleEx"
              },
              {
                "address": "0x1ba10c",
                "name": "MoveFileExW"
              },
              {
                "address": "0x1ba110",
                "name": "MoveFileWithProgressW"
              },
              {
                "address": "0x1ba114",
                "name": "CreateHardLinkW"
              }
            ]
          },
          "api-ms-win-core-heap-l2-1-0": {
            "dll": "api-ms-win-core-heap-l2-1-0.dll",
            "imports": [
              {
                "address": "0x1ba144",
                "name": "GlobalFree"
              },
              {
                "address": "0x1ba148",
                "name": "GlobalAlloc"
              },
              {
                "address": "0x1ba14c",
                "name": "LocalFree"
              }
            ]
          },
          "api-ms-win-core-io-l1-1-0": {
            "dll": "api-ms-win-core-io-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba154",
                "name": "DeviceIoControl"
              }
            ]
          },
          "api-ms-win-core-winrt-l1-1-0": {
            "dll": "api-ms-win-core-winrt-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba2f8",
                "name": "RoInitialize"
              },
              {
                "address": "0x1ba2fc",
                "name": "RoUninitialize"
              }
            ]
          },
          "api-ms-win-core-processtopology-l1-1-0": {
            "dll": "api-ms-win-core-processtopology-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba228",
                "name": "GetThreadGroupAffinity"
              }
            ]
          },
          "api-ms-win-core-synch-l1-2-0": {
            "dll": "api-ms-win-core-synch-l1-2-0.dll",
            "imports": [
              {
                "address": "0x1ba2b8",
                "name": "Sleep"
              }
            ]
          },
          "api-ms-win-core-profile-l1-1-0": {
            "dll": "api-ms-win-core-profile-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba238",
                "name": "QueryPerformanceCounter"
              }
            ]
          },
          "api-ms-win-core-string-obsolete-l1-1-0": {
            "dll": "api-ms-win-core-string-obsolete-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba270",
                "name": "lstrcmpW"
              },
              {
                "address": "0x1ba274",
                "name": "lstrcmpiW"
              }
            ]
          },
          "api-ms-win-core-processtopology-obsolete-l1-1-0": {
            "dll": "api-ms-win-core-processtopology-obsolete-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba230",
                "name": "SetProcessAffinityMask"
              }
            ]
          },
          "api-ms-win-core-apiquery-l1-1-0": {
            "dll": "api-ms-win-core-apiquery-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba000",
                "name": "ApiSetQueryApiSetPresence"
              }
            ]
          },
          "api-ms-win-core-delayload-l1-1-1": {
            "dll": "api-ms-win-core-delayload-l1-1-1.dll",
            "imports": [
              {
                "address": "0x1ba074",
                "name": "ResolveDelayLoadedAPI"
              }
            ]
          },
          "api-ms-win-core-delayload-l1-1-0": {
            "dll": "api-ms-win-core-delayload-l1-1-0.dll",
            "imports": [
              {
                "address": "0x1ba06c",
                "name": "DelayLoadFailureHook"
              }
            ]
          }
        },
        "exported_dll_name": null,
        "exports": [],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x0004a4c8",
            "size": "0x000002f8"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x0004e000",
            "size": "0x000084f8"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x00057000",
            "size": "0x000025f0"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x000035a0",
            "size": "0x00000054"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x000015d0",
            "size": "0x000000ac"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x0002cd9c",
            "size": "0x00000080"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000400",
            "virtual_address": "0x00001000",
            "virtual_size": "0x0002d000",
            "size_of_data": "0x0002c000",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x60000020",
            "entropy": "6.58"
          },
          {
            "name": ".data",
            "raw_address": "0x0002c400",
            "virtual_address": "0x0002e000",
            "virtual_size": "0x0001c000",
            "size_of_data": "0x0001b200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "0.11"
          },
          {
            "name": ".idata",
            "raw_address": "0x00047600",
            "virtual_address": "0x0004a000",
            "virtual_size": "0x00003000",
            "size_of_data": "0x00002600",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "5.63"
          },
          {
            "name": ".didat",
            "raw_address": "0x00049c00",
            "virtual_address": "0x0004d000",
            "virtual_size": "0x00001000",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "0.73"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x00049e00",
            "virtual_address": "0x0004e000",
            "virtual_size": "0x00009000",
            "size_of_data": "0x00008600",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "4.36"
          },
          {
            "name": ".reloc",
            "raw_address": "0x00052400",
            "virtual_address": "0x00057000",
            "virtual_size": "0x00003000",
            "size_of_data": "0x00002600",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "6.80"
          }
        ],
        "overlay": null,
        "resources": [
          {
            "name": "MUI",
            "offset": "0x00056420",
            "size": "0x000000d8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.68"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0004e778",
            "size": "0x00000668",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.65"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0004ede0",
            "size": "0x000002e8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.44"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0004f0c8",
            "size": "0x00000128",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.17"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0004f1f0",
            "size": "0x00000ea8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.06"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00050098",
            "size": "0x000008a8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.07"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00050940",
            "size": "0x00000568",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "0.71"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00050ea8",
            "size": "0x0000169e",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "7.85"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00052548",
            "size": "0x000025a8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.88"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00054af0",
            "size": "0x000010a8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.97"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00055b98",
            "size": "0x00000468",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.17"
          },
          {
            "name": "RT_GROUP_ICON",
            "offset": "0x00056000",
            "size": "0x00000092",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.90"
          },
          {
            "name": "RT_VERSION",
            "offset": "0x00056098",
            "size": "0x00000388",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "3.50"
          },
          {
            "name": "RT_MANIFEST",
            "offset": "0x0004e350",
            "size": "0x00000426",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "5.00"
          }
        ],
        "versioninfo": [
          {
            "name": "CompanyName",
            "value": "Microsoft Corporation"
          },
          {
            "name": "FileDescription",
            "value": "Windows Command Processor"
          },
          {
            "name": "FileVersion",
            "value": "10.0.19041.746 (WinBuild.160101.0800)"
          },
          {
            "name": "InternalName",
            "value": "cmd"
          },
          {
            "name": "LegalCopyright",
            "value": "© Microsoft Corporation. All rights reserved."
          },
          {
            "name": "OriginalFilename",
            "value": "Cmd.Exe"
          },
          {
            "name": "ProductName",
            "value": "Microsoft® Windows® Operating System"
          },
          {
            "name": "ProductVersion",
            "value": "10.0.19041.746"
          },
          {
            "name": "Translation",
            "value": "0x0409 0x04b0"
          }
        ],
        "imphash": "392b4d61b1d1dadc1f06444df258188a",
        "timestamp": "2102-04-20 00:53:43",
        "icon": "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",
        "icon_hash": "00d152c1523e56c619d25f6c96c21a41",
        "icon_fuzzy": "e55641fba39eaff4ee89e5fc0af8f337",
        "icon_dhash": "a2ae7a370101a3c0",
        "imported_dll_count": 37
      },
      "data": null,
      "strings": [
        "Vj/Xf",
        "4*414?4F4T4[4",
        "SVWj/X",
        "?!?'?-?A?O?e?",
        "jwp]dw",
        "printf",
        "GetThreadGroupAffinity",
        "is a directory",
        "98:4;;;",
        "Cmd: %s  Type: %x ",
        "j%Yf;",
        "O<j;Z",
        "=/=G=z=",
        "GetDateFormatW",
        "MoveFileExW",
        "929O9U9f9{9F:",
        ".text$zy",
        "PROMPT",
        "_XcptFilter",
        "FlushConsoleInputBuffer",
        "(%s) %s ",
        "api-ms-win-core-localization-l1-2-0.dll",
        "<\"<'<7<",
        "Sh(PO",
        "_setmode",
        ":%:,:::C:z:",
        "LocalFree",
        "Yj Zf;",
        "owner dead",
        "no_buffer_space",
        "SetLastError",
        "destination_address_required",
        "protocol not supported",
        "j\"ZRV",
        "QQSVW",
        "FindFirstFileW",
        "RWRVh",
        "j:Xf9A",
        ">F>^>s>",
        "344D4P4Y4a4",
        "not a stream",
        "Application",
        "FindFirstFileExW",
        "<<=F=Y=c=",
        "=c>p>",
        "_lock",
        "onecore\\base\\cmd\\StartShellExecServiceProvider.h",
        "0+1b1",
        "string too long",
        "jdXf;",
        "</assembly>",
        "too_many_files_open",
        "YY[_3",
        "    <security>",
        "??1type_info@@UAE@XZ",
        "eIDATx",
        "L$0Qh",
        ".data$pr00",
        "api-ms-win-core-synch-l1-2-0.dll",
        "GetModuleFileNameW",
        "_get_osfhandle",
        "848<8s8",
        "tYh$ ",
        "wwwwwwwwwwwwwww",
        "6!6'6-636=6L6R6Z6y6~6",
        "CloseHandle",
        "GetNumaHighestNodeNumber",
        "959U9",
        "memcpy",
        "=A=W=^=g=",
        ";Q<Z<",
        ".rsrc$02",
        ";';9;I;O;q;",
        "L$,RQh",
        "??_V@YAXPAX@Z",
        ";';-;V;g;m;",
        "network_down",
        "_dup2",
        "wcstol",
        "j/Yf;",
        "PQQQV",
        "2:3H3|3",
        "</application>",
        "3*313Z3w3",
        "?\"?d?p?x?",
        "StringFileInfo",
        ".rsrc",
        "C:\\Users\\cape\\AppData\\Local\\Temp",
        "<noalias>",
        "F8^f90u",
        "realloc",
        "1#1*1",
        "ext-ms-win-branding-winbrand-l1-1-1",
        "v<Wh@:",
        "ERASE",
        "WWWSQ",
        "too many files open in system",
        "_CxxThrowException",
        "tDSSSS",
        "5\"5'5.565F5",
        "ShellExecuteWorker",
        ".didat",
        "__setusermatherr",
        "5u6~6",
        "GetThreadLocale",
        "api-ms-win-core-string-obsolete-l1-1-0.dll",
        "63696H6M6U6p6",
        "727Y7",
        "START",
        "HeapFree",
        "System",
        "_errno",
        "FormatMessageW",
        "SEPARATE",
        "SHIFT",
        "NtCancelSynchronousIoFile",
        "0<1R1g1v1|1",
        "9T:Z:",
        "Msg:[%ws] ",
        "7]8i8v8",
        "t\\SWj",
        ".00cfg",
        "RtlFreeUnicodeString",
        ">*>t>{>",
        "lstrcmpW",
        ".rdata$00$brc",
        "u)Rh7#",
        "=ExitCode",
        "resource unavailable try again",
        "api-ms-win-core-io-l1-1-0.dll",
        "no lock available",
        "HeapSetInformation",
        ">2>X>e>t>",
        "tEht&",
        "31383",
        "GlobalFree",
        "2$3/3:3H3p3",
        "@.reloc",
        "'j:Xj.f",
        "<5<=<F<L<",
        "j-[f;",
        "Copyright (c) Microsoft Corporation. All rights reserved.",
        "RegDeleteKeyExW",
        "UpdateProcThreadAttribute",
        "VPh]#",
        "3%3X3}3",
        "connection_refused",
        "f;D$,u",
        "api-ms-win-core-registry-l1-1-0.dll",
        "PPPQPPVV",
        "D$`PV",
        "no_protocol_option",
        "bad allocation",
        "directory not empty",
        ": :.:G:M:S:Z:`:k:r:",
        "_open_osfhandle",
        "j Yf9",
        "Software\\Microsoft\\Command Processor",
        "    version=\"5.1.0.0\"",
        ">)>4>H>",
        "operation not supported",
        "_onexit",
        "VirtualAlloc",
        "wcschr",
        "D$(VW",
        "not supported",
        "304g4",
        "WGeToken: (%x) '%s'",
        "@_^[]",
        "QueryFullProcessImageNameWStub",
        "address_in_use",
        "HeapReAlloc",
        "RtlDosPathNameToNtPathName_U",
        "_wpopen",
        " [...]",
        "fflush",
        "operation not permitted",
        "D$8f90",
        "pushd ",
        ".data",
        "t5j Y",
        "CreateProcessW",
        ":S:`:",
        "D$H9D$D",
        "?Rich",
        "7C8]8",
        "ASSOC",
        "7 848v8{8Q9v9",
        "address_family_not_supported",
        "0$0,040<0D0L0T0X0\\0`0d0h0l0p0t0x0|0",
        "resource deadlock would occur",
        "='>9>D>R>_>",
        "UnhandledExceptionFilter",
        ".?AVlength_error@std@@",
        "ERRORLEVEL",
        "%s (%s) %s",
        "4N4m4}4",
        "CopyFileW",
        ":2;_;",
        "u%6RRRRRPp",
        "value too large",
        "=L>h>",
        "6.6A6I6m6s6y6",
        "3#4L4",
        ";><D<I<N<S<Y<b<",
        ".idata$4",
        "575>5F5N5",
        "GetExitCodeProcess",
        "uqj?Z",
        "start /wait \"\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\"",
        "wcstoul",
        "tJSh$$",
        ".rdata$brc",
        "SetErrorMode",
        "3)515",
        ".text$mn",
        "invalid string position",
        "<J=S=j=",
        "3(343@3L3",
        "read only file system",
        "CreateFileW",
        "80848H8L8`8d8x8|8",
        "Sleep",
        ".data$00",
        "system",
        "CreateSemaphoreExW",
        "dw06dwPLew`adwpLew",
        "iswalpha",
        "WideCharToMultiByte",
        "ext-ms-win-shell-shell32-l1-2-3",
        ".rdata$zz$brc",
        ">1?9?",
        "host unreachable",
        "SetLocalTime",
        "<3=t=",
        "towupper",
        ":.;^;",
        "WaitForSingleObjectEx",
        "v<hp:",
        ".text$np",
        "?$?+???I?{?",
        "[%hs(%hs)]",
        ".data$dk00$brc",
        "broken pipe",
        ".text$x",
        "4)4G4",
        "80J0f0u0",
        "j$Xf;",
        "QPh,\"",
        "GetFileType",
        "0=0Q0W0",
        "8#9(9U9p9|9",
        "RtlFindLeastSignificantBit",
        "=)>A>",
        "RegSetValueExW",
        "@$9Q w",
        "3)4P4`4",
        "iswdigit",
        "+C F;C w",
        "protocol_not_supported",
        "%d.%d.%05d.%d",
        "L$xQQ3",
        "j\\Xf;",
        "1Q2r2",
        "YY8\\$",
        " Operating System",
        "memmove",
        "uBSWR",
        "=.=?=L=Z=r={=",
        "RWhl;",
        "RRRRP%",
        ":$;4;",
        "CHDIR",
        "8\"8*82878>8F8U8a8l8",
        "8<8K8",
        "WaitForSingleObject",
        "LookupAccountSidWStub",
        "t$,WQ",
        "GetCurrentProcess",
        "7&7-7=7S7Z7f7}7",
        "operation in progress",
        "SetFileTime",
        "465Y5s5",
        ";4;L;`;d;x;|;",
        "srand",
        "connection_reset",
        "result out of range",
        "0!1q1",
        "ResolveDelayLoadedAPI",
        "bad_file_descriptor",
        "RoInitialize",
        "SWhl;",
        "1 1&1C1~1",
        "GetVolumePathNameW",
        "91:;:L:`:j:{:",
        "_wcsupr",
        "7(7,7@7D7X7\\7p7t7",
        ";P;V;",
        "21262>2",
        "SetFilePointer",
        "    processorArchitecture=\"x86\"",
        ".rsrc$01",
        "L$ PSV",
        "8B9_9z9",
        "MKDIR",
        "2%232C2N2e2z2",
        "timed_out",
        "api-ms-win-core-processenvironment-l1-2-0.dll",
        "ext-ms-win-shell-shell32-l1-2-0",
        "already_connected",
        "L$ h(#",
        "4W5d5s5",
        "fprintf",
        "WriteFile",
        "wwwwwwwwwwwwwwwwwwwww",
        "0A0\\0e0k0p0y0",
        "8/8Q8",
        "8(8/8G8h8t8z8",
        "090C0",
        "D$|QP",
        "        </requestedPrivileges>",
        "wwwwwwww",
        "            />",
        "operation canceled",
        "j:Xf9F",
        "api-ms-win-core-libraryloader-l1-2-0.dll",
        ">_^[]",
        "P8QRu",
        "GetFileInformationByHandleEx",
        "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>",
        "9n9z9",
        "api-ms-win-core-datetime-l1-1-0.dll",
        "5(5<5V5]5~5",
        "RtlNtStatusToDosError",
        "DIRCMD",
        ";8;m;w;",
        "GetLastError",
        "address family not supported",
        "D$,SVW",
        "cross device link",
        "device or resource busy",
        "9Q9y9",
        "invalid_argument",
        "__p__fmode",
        "LoadLibraryExW",
        "malloc",
        "t$TShT#",
        "5@6^657T7r7",
        "ReleaseMutex",
        "argument list too long",
        "operation_would_block",
        "WSh!'",
        "GetLocaleInfoW",
        "314V4n4",
        "j\\Yf9",
        "@8f90",
        "WriteConsoleW",
        "0*1Q1",
        "j\"Xf9",
        "connection_aborted",
        "D3blc",
        "@u-QQ",
        "api-ms-win-core-timezone-l1-1-0.dll",
        "tSj/Z",
        "too many files open",
        "=>=I=N=",
        "ENABLEEXTENSIONS",
        "GetProcessHeap",
        "GetConsoleTitleW",
        "8S8Y8",
        "8.8X8",
        "4P4V4n4v4",
        "QShc#",
        "address not available",
        "QQVWj",
        "_close",
        "j\\^f9q",
        ";-<F<P<U<e<",
        "*)))))))))))))))))))))",
        "no link",
        "t$ WWWV",
        "RMDIR",
        "Aj\\^3",
        "ENABLEDELAYEDEXPANSION",
        "iostream",
        ":&:X:",
        "YYf9}",
        "GetCommandLineW",
        "%04X-%04X",
        "5dwPlhw",
        "0f;2u",
        "X<j(Y",
        "j\\^f92u",
        "j\\Xj*f9DK",
        "2)202T2e2k2",
        "@PVVWS",
        "api-ms-win-core-processenvironment-l1-1-0.dll",
        "FindNextFileW",
        "CmdBatNotificationStub",
        "2$2+272<2E2J2P2X2^2f2n2",
        "D$xPj",
        ":2:C:q:",
        "2#3l3",
        "not a socket",
        "3!3H3O3Z3b3n3",
        "_unlock",
        "=-=c=",
        " /K %s",
        "3_3s3",
        "='=5=C=T=\\=r=z=",
        "DisableCMD",
        "<!<T<^<l<",
        "FindNextStreamWStub",
        ".CRT$XIA",
        "NtSetInformationFile",
        "9 979F9",
        "Y__^[",
        "SetConsoleCtrlHandler",
        "SetThreadUILanguage",
        "8\"8<8h8",
        "0P0W0f0m0|0",
        "DISABLEDELAYEDEXPANSION",
        ".COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC",
        "D$xPh",
        ".CRT$XIZ",
        "ApiSetQueryApiSetPresence",
        "APerformUnaryOperation: '%c'",
        "QSVWj",
        "connection refused",
        "no stream resources",
        "2A3K3O3Z3d3h3r3",
        "(caller: %p) ",
        "not_connected",
        "j\\Zj:Y",
        "ReleaseSemaphore",
        "PAUSE",
        "BREAK",
        "<!-- Copyright (c) Microsoft Corporation -->",
        "NTDLL.DLL",
        ".bss$zz",
        "PSh[#",
        "5.5=5J5V5",
        "4r6}6",
        "1,1q1!2'2]2",
        "T$ WP",
        "f;D$(u",
        "CreateSymbolicLinkW",
        "Cmd.Exe",
        "%6Ru'",
        "SetConsoleMode",
        "?terminate@@YAXXZ",
        "api-ms-win-core-errorhandling-l1-1-0.dll",
        "9U:r:",
        ".CRT$XCZ",
        "identifier removed",
        "1$1,141<1D1L1T1\\1d1l1t1|1",
        ";0<7<",
        "D$LPV",
        "CMDEXTVERSION",
        "0_0h0",
        "RtlDisownModuleHeapAllocation",
        "8 8(8=8R8g8|8",
        ">:>h>",
        "CreateDirectoryW",
        "?C?H?P?o?",
        "E$uwM",
        "u3SSh,<",
        "2$2,242<2D2L2T2\\2d2l2t2|2",
        "no message available",
        "address in use",
        ".idata$5",
        "*** Unknown type: %x",
        "InitializeProcThreadAttributeList",
        "text file busy",
        "=8=X=t=x=",
        "message size",
        "D$495",
        "ReadFile",
        "NtOpenProcessToken",
        "mkdir ",
        "Ungetting: '%s'",
        "O8j?Z",
        "8?8`8",
        "%hs(%u)\\%hs!%p: ",
        "((((&&(&&&(&(&&&&&&(((#&&###",
        ".didat$6",
        "invalid argument",
        ".rdata$zzzdbg",
        "10.0.19041.746 (WinBuild.160101.0800)",
        "_ _^[",
        "GlobalAlloc",
        "DoSHChangeNotify",
        "rmdir ",
        "_vsnwprintf",
        "474=4G4L4R4`4m4{4",
        "PWhl;",
        ".CRT$XCAA",
        "I8SV3",
        ":$:-:",
        "u&QWS",
        "GetACP",
        "NtQueryInformationToken",
        "CompanyName",
        "APerformArithmeticOperation: '%c'",
        "<trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">",
        "fdpnxsatz",
        "GetSystemTimeAsFileTime",
        ".idata$3",
        "\\Shell\\Open\\Command",
        "SHARED",
        "DelayedExpansion",
        "n<DSbb",
        "O8j*Z",
        "TryAcquireSRWLockExclusive",
        "operation would block",
        "Vj ^S",
        "SearchPathW",
        "??0exception@@QAE@ABQBD@Z",
        "; ;%;9;>;X;",
        "L$8Q3",
        "uCj\\Z",
        "no protocol option",
        "C0K0Q0W0j0{0",
        "000H0h0",
        ";);B;^;",
        "5G5i5",
        "not connected",
        "RtlFreeHeap",
        "GetFileSize",
        "FillConsoleOutputAttribute",
        "2(2/2H2W2]2m2",
        "GetVDMCurrentDirectoriesStub",
        "unknown error",
        ".text$yd",
        "GetProcAddress",
        "939A9H9{9",
        "BELOWNORMAL",
        "<assemblyIdentity",
        ".text$di",
        "3H4`4o4",
        "6T6r6",
        ".bss$00",
        "<\"<(<2<8<><D<Z<",
        "4Y4,5b5E6",
        "Software\\Microsoft\\Windows NT\\CurrentVersion",
        "T$ PQS",
        "FillConsoleOutputCharacterW",
        "4m4~4",
        "RANDOM",
        "fw@Ehw",
        ".text$lp00cmd.exe!20_pri7",
        "<k<q<",
        ":':::p:v:~:",
        "<3=i=v=",
        "cmd.exe",
        "405h5",
        ">+?9?~?",
        "6 6W6",
        "??3@YAXPAX@Z",
        "=\">Q>",
        ">*?H?N?i?n?s?",
        "NtClose",
        "445(6B6k6r6",
        "OriginalFilename",
        "D$ PV",
        "message_size",
        "!wWt&H+",
        "3-3;3I3",
        "api-ms-win-core-handle-l1-1-0.dll",
        "AutoRun",
        "GetModuleFileNameA",
        "5$5,545<5D5L5T5\\5d5l5t5|5",
        "GetNumaNodeProcessorMaskEx",
        "<J<r<",
        "wrong protocol type",
        "f91t.",
        "GetModuleHandleW",
        "LeaveCriticalSection",
        "toWhp8",
        "api-ms-win-core-delayload-l1-1-0.dll",
        "no space on device",
        "1$131<1E1Z1o1~1",
        "j\\Xf9B",
        "SetCurrentDirectoryW",
        "Exception",
        "cmd.pdb",
        "LogHr",
        "_controlfp",
        "Yj f;",
        "GetFileAttributesExW",
        "?Y?s?",
        "!This program cannot be run in DOS mode.",
        "tMj Y",
        ".idata$6",
        "RoUninitialize",
        "8<8b8l8q8",
        " Windows",
        "8,8>8R8X8^8p8",
        "j.Xf9",
        "<SVW3",
        "9 9$989<9P9T9h9l9",
        ".didat$2",
        "swscanf",
        "v(h(4",
        "filename_too_long",
        "not a directory",
        " [..]",
        "Se%ae`",
        "*tr;]",
        "lstrcmpiW",
        "5%6+616K6U6a6l6~6",
        "TerminateProcess",
        "iswspace",
        "TITLE",
        "0123456789",
        "NtSetInformationProcess",
        "<X=l=x=",
        "5?6X6",
        ".?AVlogic_error@std@@",
        "7D7U7[7a7|7",
        "f;D$d",
        ": ;&;D;",
        "_setjmp3",
        "j Xf9DN",
        "VarFileInfo",
        "not enough memory",
        "no such device",
        "lext-ms-win-cmd-util-l1-1-0",
        "calloc",
        "<,<4<H<P<d<l<t<|<",
        "onecore\\base\\cmd\\maxpathawarestring.cpp",
        "?Q?V?m?",
        "7!8,8L8q8{8",
        "_exit",
        "PUSHD",
        "ext-ms-win-shell-shell32-l1-2-1",
        "FileDescription",
        "inappropriate io control operation",
        "L$(t:",
        "cCBR_p",
        ";D;H;d;h;x;",
        "6@6`6",
        "CMDCMDLINE",
        "%s=%s",
        "%02d%s%02d%s",
        ".data$r$brc",
        "ABOVENORMAL",
        "T$tRP",
        "DISABLEEXTENSIONS",
        ".gljmp",
        "GetFileSecurityW",
        "j:Xf9",
        "0/0A0",
        "    /D /c\"",
        "3$3,343<3D3L3T3\\3d3l3t3|3",
        "se%%%%% R",
        "HIGHESTNUMANODENUMBER",
        "state not recoverable",
        "GetConsoleScreenBufferInfo",
        ".bss$dk00",
        "|$$f9",
        "VShb#",
        ".CRT$XCA",
        "api-ms-win-core-console-l2-2-0.dll",
        "Local\\SM0:%d:%d:%hs",
        "j-Zj/Yf;",
        "PSh^#",
        "6-7@7T7",
        ">(>P>f>s>",
        "757S7j7",
        "313D3",
        "0 0$0(0,0004080@0",
        "api-ms-win-core-apiquery-l1-1-0.dll",
        "VirtualFree",
        "wcsspn",
        "=;=_=",
        "rEj=Xf9",
        "4C4H4",
        "<K<d<z<9=G=h=m=",
        "?+?v?",
        "    <windowsSettings xmlns:ws2=\"http://schemas.microsoft.com/SMI/2016/WindowsSettings\">",
        "<%<D<K<l<w<",
        "tBj0Y",
        "3G4N4",
        "2<3E3J3Z3k3t3}3",
        "file too large",
        "0(0=0K0T0c0h0m0",
        "GetConsoleMode",
        "D$PSV",
        "???l?y?",
        "tyj=_f;",
        "u0!G\\",
        "|$,+T$d",
        "    </windowsSettings>",
        "tbhX ",
        "/w(t`",
        "NORMAL",
        "generic",
        "HeapSize",
        "SVWt j",
        "KERNEL32.DLL",
        ";@<M<S<f<r<y<",
        "DisableUNCCheck",
        "ReadProcessMemory",
        "wwwwwwwwp",
        "??0exception@@QAE@ABV0@@Z",
        "<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">",
        "CMD Internal Error %s",
        " \"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"",
        "    <windowsSettings>",
        "4]4e4",
        ";2;I;R;];d;v;|;",
        "GetCurrentProcessId",
        "__p__commode",
        "RegCreateKeyExW",
        "ctff;",
        "NtFsControlFile",
        "2!2'2W2w2",
        "9#989P9^9b9i9o9",
        "=W>]>",
        "GetDiskFreeSpaceExW",
        "?*?E?K?",
        "=ExitCodeAscii",
        "696^6",
        "L$DQP",
        "778I8",
        "1G1^1",
        ";$;-;5;T;Z;",
        "5&5a5",
        "6&616f6{6",
        "7 73787@7\\7",
        "=O={=",
        "delims=",
        "        <requestedPrivileges>",
        "1.13191E1J1P1i1",
        "ferror",
        "QQh|4",
        ".bss$pr00",
        "SVWj$",
        "3*353B3P3Z3d3n3x3",
        "CompletionChar",
        "CreateMutexExW",
        "connection already in progress",
        "GetModuleHandleExW",
        "\\dwPagw ]dw",
        "2;2P2e2x2",
        "848B8b8g8",
        "FTYPE",
        "network down",
        "AFFINITY",
        "GetCurrentThreadId",
        "Software\\Classes",
        "j:Xf;",
        "72898E8P8e8",
        "api-ms-win-core-profile-l1-1-0.dll",
        ">!>D>L>",
        "network reset",
        "wrong_protocol_type",
        "b$j-0",
        "<!<&<1<7<A<X<n</=",
        ".rdata$zz",
        "[%hs]",
        "040904B0",
        "BrandingFormatString",
        "__getmainargs",
        "9/:z:",
        "2Q2W2]2c2h2n2",
        "REM/?",
        ">3>P>b>",
        "_pclose",
        "63696F6T6k6",
        "RegQueryValueExW",
        "_wtol",
        "longjmp",
        "2/2f2o2y2",
        "0f;2u f",
        "%02d%s%02d%s%02d",
        "destination address required",
        "%2d%s%02d%s%02d%s%02d",
        "6?6I6Y6e6",
        "T$$9T$",
        " Microsoft Corporation. All rights reserved.",
        ";,;:;",
        "SetConsoleTextAttribute",
        "api-ms-win-core-file-l1-1-0.dll",
        "f;T$8u",
        "?V?]?f?",
        "en-US",
        "7,7H7",
        "SetProcessAffinityMask",
        "@PVVWSQ",
        "SetEnvironmentStringsW",
        "RegCloseKey",
        "949P9V9`9f9s9w9",
        "f98u]",
        ":(:D:H:d:h:",
        "2]3i3{3",
        "9#9+9C9[9b9}9",
        "001>1N1p1u1",
        "iswxdigit",
        "'Px0&D",
        "NDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
        "IDI_APPICON",
        "Microsoft Corporation",
        "t$<hx@",
        "GetWindowsDirectoryW",
        "ext-ms-win-branding-winbrand-l1-1-2",
        "VQRPS",
        "InternalName",
        "],//cuu",
        "VPj#S",
        "D$dPS",
        "j:Yf9H",
        ">3>C>X?u?",
        "dd/MM/yy",
        "VVVQV",
        "L$XQ3",
        ":f;w;",
        "useback",
        "api-ms-win-core-console-l1-1-0.dll",
        ">9?R?d?",
        "YjDYf;",
        "354^4",
        "?=?h?o?z?",
        ":,:1:",
        "Unknown",
        "4$4.464B4J4X4`4",
        "VPSRW",
        "9!9<9s9",
        "8\"8'8<8H8O8Z8a8l8s8~8",
        "\\XCOPY.EXE",
        "D$`;D$d",
        "%hs(%d) tid(%x) %08X %ws",
        "2 2&2-222=2m2s2",
        "EnterCriticalSection",
        "5G5U5b5",
        "permission denied",
        "OutputDebugStringW",
        "SetConsoleTitleW",
        "DPATH",
        "NtQueryVolumeInformationFile",
        "9+919C9H9N9S9Y9d9j9q9v9{9",
        "u\"j:Xf9F",
        "D$(PQ",
        "COMSPEC",
        "api-ms-win-core-processthreads-l1-1-0.dll",
        "f;D$8u",
        "__iob_func",
        "VERIFY",
        "0P133b3x3",
        "Scripts\\;C:\\Program Files\\Python310\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\System32\\OpenSSH\\;C:\\Users\\cape\\AppData\\Local\\Microsoft\\WindowsApps;",
        "_amsg_exit",
        "ntdll.dll",
        "D$pPS",
        "CCCC@40`P@ ",
        "9*:P:}:",
        "j\"Yf9",
        "CMD.EXE",
        "0,090",
        "RegDeleteValueW",
        ">Q>_>t>{>",
        ":X:l:",
        "t#h4&",
        "connection_already_in_progress",
        ".?AVexception@@",
        ">8>E>",
        "usebackq",
        "ExpandEnvironmentStringsW",
        "D$D;D$,",
        "60676C6Y6a6h6{6",
        "GetConsoleWindow",
        "N8WQj",
        "FlushFileBuffers",
        "7E8O8",
        "DelayLoadFailureHook",
        "D$ PW",
        "SetThreadLocale",
        "api-ms-win-core-string-l1-1-0.dll",
        "_wcsnicmp",
        "%s %s ",
        "t$ t%S",
        "1%1+1P1l1}1",
        "iH4-N",
        "ext-ms-win-shell-shell32-l1-3-0",
        "j=Xf9",
        "<!<1<7<B<H<T<d<m<~<",
        "permission_denied",
        ":):R:",
        "REALTIME",
        ">x?}?",
        ">&?.?D?L?i?s?",
        "tef93t`",
        "operation_not_supported",
        "__set_app_type",
        "WShD#",
        "`j/Yf;",
        "ReturnHr",
        "x4j/Z",
        "8::@:T:Z:`:j:t:{:",
        "<application  xmlns=\"urn:schemas-microsoft-com:asm.v3\">",
        ">i?y?",
        "LegalCopyright",
        "host_unreachable",
        "vDhd:",
        "L$\\_^[3",
        "L$8RQRP",
        "                uiAccess=\"false\"",
        "MultiByteToWideChar",
        "CShu#",
        "NEWWINDOW",
        "FileVersion",
        "COPYCMD",
        " %x %c",
        "ENDLOCAL",
        "5 5.5<5J5",
        "7.9\\9",
        "FindClose",
        "7$8,8;8C8K8p8v8}8",
        "Microsoft",
        "7 7*7;7E7S7]7j7r7",
        "__dllonexit",
        "YjWYf+",
        "GetStartupInfoW",
        "RtlDllShutdownInProgress",
        "VPh@:",
        ";Q;p;x;",
        "QueryPerformanceCounter",
        "DeleteProcThreadAttributeList",
        "file exists",
        "ReleaseSRWLockExclusive",
        "<1<6<A<F<Q<\\<a<",
        "SetEnvironmentVariableW",
        "already connected",
        "api-ms-win-core-processtopology-obsolete-l1-1-0.dll",
        "WNetGetConnectionWStub",
        "no such process",
        "010@0N0U0",
        "WNetCancelConnection2WStub",
        "797Y7",
        ": ;&;W;};",
        "Args: `%s' ",
        "WNetAddConnection2WStub",
        "            <requestedExecutionLevel",
        "!616A6R6V6\\6`6f6j6r6v6|6",
        "<'</<n<",
        "GetFileAttributesW",
        "towlower",
        "=q?{?",
        "939S9d9~9",
        "COLOR",
        "api-ms-win-security-base-l1-1-0.dll",
        "api-ms-win-core-debug-l1-1-0.dll",
        "?what@exception@@UBEPBDXZ",
        "6)60676V6}6",
        "executable format error",
        "5>5R5",
        "=0I0N0j0q0",
        "GetVersion",
        "SetConsoleInputExeNameW",
        "D$hPQj",
        ".CRT$XCU",
        "        <ws2:longPathAware>true</ws2:longPathAware>",
        "9L:~;",
        "2V2]2",
        "DeleteFileW",
        "GetCurrentDirectoryW",
        "798P8q8",
        "v<PWhP:",
        ".CRT$XIAA",
        "1'141>1L1a1",
        "RtlCreateUnicodeStringFromAsciiz",
        "VQh(=",
        "0X1]1q1",
        ".gfids",
        "memcmp",
        "4<4l4t4z4",
        "wcsrchr",
        "msvcrt.dll",
        "6H7R7f7v7}7",
        "9):B:Q:",
        "RegOpenKeyExW",
        "    name=\"Microsoft.Windows.FileSystem.CMD\"",
        "%s %s%s ",
        "ResumeThread",
        "GetCPInfo",
        "9\"949F9M9U9[9n9u9",
        ";/;c;",
        "CompareFileTime",
        "0B0\\0",
        "Software\\Policies\\Microsoft\\Windows\\System",
        "??0exception@@QAE@ABQBDH@Z",
        "ProductName",
        "network unreachable",
        "9~(s+j",
        "SVWQQj",
        "_wcsicmp",
        "DuplicateHandle",
        "api-ms-win-core-kernel32-legacy-l1-1-0.dll",
        "ScrollConsoleScreenBufferW",
        "<$=,=<=R=Z=j=~=",
        "VPj!S",
        "GetTimeFormatW",
        ".didat$4",
        "#0;0M0}0",
        "D$4Pj",
        "3!3)3;3A3",
        "131w1W3]3z3",
        "not_a_socket",
        "IsDebuggerPresent",
        "829Q9^:",
        "SetFileAttributesW",
        "8#828A8F8Z8i8",
        "j\"Zf;",
        "CreateProcessAsUserW",
        "t5PPQh",
        "=\"=F=J=N=R=V=Z=^=b=f=j=",
        "PPWWWQ",
        "3$3)313;3E3M3X3`3j3t3",
        "-dw0cfw",
        "t$<WP",
        ".giats",
        "7\"7D7K7Q7f7k7s7",
        ".CRT$XIY",
        "\\CMD.EXE",
        "tokens=",
        "GetFullPathNameW",
        "4'40474>4Y4c4l4v4",
        "SetConsoleCursorPosition",
        "5;5B5j5",
        "3B3_3",
        "network_unreachable",
        "4R5]5c5",
        "1e1j1",
        ")030`0",
        "j%Xf9",
        "3D3X3l3",
        "no message",
        "illegal byte sequence",
        "969E9",
        "SVWj/Xf",
        "memcpy_s",
        "9t$$~n",
        "GetSystemTime",
        ".didat$3",
        "connection aborted",
        "api-ms-win-core-winrt-l1-1-0.dll",
        "onecore\\internal\\sdk\\inc\\wil\\opensource\\wil\\resource.h",
        ".rdata",
        "T$$;T$",
        "api-ms-win-core-processtopology-l1-1-0.dll",
        "setlocale",
        "<1<:<C<",
        "`.data",
        "cG?CCRRRRP`R",
        "address_not_available",
        "GetVolumeInformationW",
        "5Y5z5",
        "FindFirstStreamWStub",
        "api-ms-win-core-synch-l1-1-0.dll",
        "041=1O1X1",
        "Null environment",
        ":-:I:Q:X:c:l:",
        "9 9B9M9_9g9l9q9",
        ".data$zz",
        "FailFast",
        "\\$0SP",
        "IF /?",
        "t+Vh5#",
        "HeapAlloc",
        "090?0H0T0",
        "L$xQ3",
        "u)Rh8#",
        "SSSSQ",
        "<;<J<Q<s<",
        "EXIST",
        "; ;&;+;1;7;K;V;[;a;g;",
        "VSh\\#",
        "j/Xf;",
        ";b<p<u<",
        "%hs!%p: ",
        "@Qm6t",
        ":-;<;K;",
        "api-ms-win-core-delayload-l1-1-1.dll",
        "(0E0k0w0",
        "FreeEnvironmentStringsW",
        "1D2d2z2",
        "j\\Xf9",
        "7Y7k7v7",
        "u#Sh)'",
        "j\\Zj:Yf",
        "fgets",
        "4$4,444<4D4L4T4\\4d4l4t4|4",
        "_tell",
        "s%hL#",
        "D$hP3",
        "bad_address",
        "RaiseFailFastException",
        "ext-ms-win-branding-winbrand-l1-1-0.dll",
        "_cexit",
        "323<3",
        "0>0r0",
        ".text$zs",
        "=9=@=U=\\=l=v=",
        "filename too long",
        "t3VSh",
        "j\\Yf;",
        "4h4t4",
        "6%6<6P6g6q6|6",
        "iWWSQ",
        "171p1",
        "t\"j*Z",
        "bad address",
        "()|&=,;\"",
        ">+>>>B>F>J>N>R>V>Z>^>b>u>",
        "3ntdll.dll",
        "<description>Windows Command Processor</description>",
        "GetEnvironmentStringsW",
        "D$$9L$",
        "t;f9;t6",
        "HH:mm:ss t",
        "bad message",
        "CallContext:[%hs] ",
        "interrupted",
        "DebugBreak",
        "x]j:Xf",
        "#D$Lt",
        ":(:,:@:D:X:\\:",
        "memset",
        "<t:-,",
        "GetSecurityDescriptorOwner",
        "GetStdHandle",
        "0 0B0b0",
        "protocol error",
        "1#101O1\\1x1",
        "stream timeout",
        "|$B:tQ",
        "2$2_2e2l2",
        "9*989]9l9",
        "RENAME",
        "api-ms-win-core-file-l2-1-0.dll",
        "iostream stream error",
        "SETLOCAL",
        "RevertToSelf",
        "3*3/3y3",
        "5#636D6U6",
        "network_reset",
        "5?5g5n5",
        "OpenThread",
        ".?AVout_of_range@std@@",
        "=0=]=h=",
        "kernelbase.dll",
        "api-ms-win-core-sysinfo-l1-1-0.dll",
        "NtQueryInformationProcess",
        "operation_in_progress",
        "NtOpenFile",
        "SetFilePointerEx",
        "*taf;M",
        "v<YY3",
        "ext-ms-win-shell-shell32-l1-2-0.dll",
        "?Q?X?",
        ".didat$7",
        "4`5d5h5l5p5t5",
        "j hd;",
        "7I7h7",
        "RemoveDirectoryW",
        "<$<8<<<@<D<H<L<P<T<X<\\<`<d<h<p<t<x<|<",
        "SVWj,",
        "_local_unwind4",
        "pqacG%%apppppppaB",
        "323B3]3g3",
        ";\\$(r",
        "api-ms-win-core-systemtopology-l1-1-0.dll",
        "ext-ms-win-branding-winbrand-l1-1-0",
        "6,7B7I7g7n7",
        "6\"6(6,6?6D6U6s6y6",
        "6,7E7M7",
        ".text$zz",
        "t*h0$",
        "GetUserDefaultLCID",
        ":#:(:8:n:{:",
        "7H8e8",
        "VS_VERSION_INFO",
        "jDXP3",
        "chdir ",
        "6 686@6",
        "t$0j ",
        "D$ Ph",
        "tMj\\YQ",
        "ShellExecuteExW",
        "QRRRP",
        "GetConsoleOutputCP",
        "VirtualQuery",
        "GetLocalTime",
        "4sf9>",
        "XXX8Pvh8v",
        ";O;^;v;};",
        "6!7k7",
        "j\"[umf9",
        "RtlReleaseRelativeName",
        "<>+-*/%()|^&=,",
        "_pipe",
        "3/363G3",
        "wcsncmp",
        "MKLINK",
        "too many symbolic link levels",
        "<$<j<o<t<",
        "ext-ms-win-shell-shell32-l1-2-2",
        "api-ms-win-core-console-l2-1-0.dll",
        ">C>Z>o>",
        ".text",
        "FOR/?",
        "RegEnumKeyExW",
        "3%4}4",
        "_ultoa",
        "mgw`dgwP",
        "0\"1R1",
        "<q=P>w>",
        ".idata$2",
        "`gw@ufw",
        "=B>O>\\>",
        "wcsstr",
        "MoveFileWithProgressW",
        "*0L0w0",
        "        <dpiAware  xmlns=\"http://schemas.microsoft.com/SMI/2005/WindowsSettings\">true</dpiAware>",
        "no buffer space",
        "t$pVQ",
        "wait \"\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\"",
        "4qaCCRCCCB",
        "vHYY3",
        "NtOpenThreadToken",
        "4#4F4",
        "MessageBeepStub",
        "91:K:\\:",
        "t%j\\Xf;",
        "SetEndOfFile",
        "D$&PVj",
        ":X:b:t:",
        "CreateHardLinkW",
        "j.Yf;",
        "ReleaseSRWLockShared",
        "ext-ms-win-cmd-util-l1-1-0.dll",
        ".?AVbad_alloc@std@@",
        "_initterm",
        "D$,SPQ",
        ".data$brc",
        "PATHEXT",
        ":=:C:M:S:\\:a:",
        "??1exception@@UAE@XZ",
        "D$(PV",
        " }0j@",
        "EnableExtensions",
        "InitializeCriticalSection",
        ";2<K<[<",
        "7c7u7",
        "f;D$$u",
        "7$7*767=7I7Q7^7z7",
        "1j1o1",
        "RShl;",
        "<\"=1=C=",
        "VCShv#",
        "DEFINED",
        "j\\Zj:^f9p",
        "too many links",
        "_callnewh",
        " v,PW",
        "RtlDosPathNameToRelativeNtPathName_U_WithStatus",
        "FOR /?",
        "ProductVersion",
        "    </security>",
        "qsort",
        "PU,//",
        "OpenSemaphoreW",
        "yy/MM/dd",
        "CSVFS",
        "3c4p4",
        "1W1^1",
        "FileTimeToLocalFileTime",
        "connection reset",
        "VVVVR",
        "__CxxFrameHandler3",
        "skip=",
        "1i1r1|1",
        "<0W0b0f0r0v0",
        "j\"Yf;",
        "9s:z:",
        "bad file descriptor",
        "REM /?",
        "WilError_03",
        "=,;+/[] ",
        "api-ms-win-core-heap-l1-1-0.dll",
        ": :&:N:m:",
        "{~WPh",
        ">1>>>V>l>",
        "ext-ms-win-branding-winbrand-l1-2-0",
        "VtPh(#",
        "60666:6G6U6k6u6",
        "9E9S9",
        "u4h4'",
        "_purecall",
        "979V9]9r9y9",
        "????????.???",
        "GetTickCount",
        "FileTimeToSystemTime",
        "0;0m0",
        "8&888",
        "708[8",
        "SaferWorker",
        ".xdata$x",
        "                level=\"asInvoker\"",
        "t$Sh4&",
        "j\"[f;",
        "</trustInfo>",
        "Windows Command Processor",
        "9 969;9C9e9",
        "NeedCurrentDirectoryForExePathW",
        "_except_handler4_common",
        "PShT>",
        "DeviceIoControl",
        ".rdata$00",
        ".rdata$sxdata",
        ".didat$5",
        "api-ms-win-core-memory-l1-1-0.dll",
        "6h7l7p7t7x7",
        "979C9S9l9",
        "4I4X4",
        "%WINDOWS_COPYRIGHT%",
        "4'5A5",
        "Wj:Xf9F",
        "no such file or directory",
        "SystemTimeToFileTime",
        "ReadConsoleW",
        "GetDriveTypeW",
        "    type=\"win32\"",
        ".idata",
        "_getch",
        "QQSVW3",
        "_wcslwr",
        "8'8.8H8",
        "1B1N1i1t1",
        "PathCompletionChar",
        "timed out",
        "4_5p5~5",
        "function not supported",
        "j\\^f91",
        "7E7J7`7",
        "j\\Zf9",
        "7)7x7",
        "io error",
        ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.PYW",
        "D$$Ph",
        "argument out of domain",
        "prRRRPa",
        "2&3t3",
        "0Ph4:",
        "7<7^7",
        "N<Gf9",
        "j:Zf;",
        "!KD4)#",
        "MM/dd/yy",
        "DefaultColor",
        "=-=?=b=",
        "9+9[9",
        "api-ms-win-core-heap-l2-1-0.dll",
        " &()[]{}^=;!%'+,`~",
        "no child process",
        "GetEnvironmentVariableW",
        "j=XPV",
        "10.0.19041.746",
        "6'6\\6",
        "889=9C9I9o9x9",
        "Redir: ",
        "invalid seek",
        "CopyFileExW",
        "SSSSP",
        "no such device or address",
        "SetUnhandledExceptionFilter",
        "3C3O3m3",
        "AcquireSRWLockShared",
        "1>2Z2v2",
        "0B0i1",
        "Translation"
      ],
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 1,
      "cape_type": "",
      "process_path": "C:\\Windows\\SysWOW64\\cmd.exe",
      "process_name": "cmd.exe",
      "module_path": "C:\\Windows\\SysWOW64\\cmd.exe",
      "pid": 4048
    }
  ],
  "CAPE": {
    "payloads": [],
    "configs": []
  },
  "info": {
    "version": "2.5",
    "started": "2026-03-05 12:03:13",
    "ended": "2026-03-05 12:04:52",
    "duration": 99,
    "id": 5,
    "category": "file",
    "custom": "",
    "machine": {
      "id": 9,
      "status": "stopping",
      "name": "win10x64",
      "label": "win10x64",
      "platform": "windows",
      "manager": "KVM",
      "started_on": "2026-03-05 12:03:13",
      "shutdown_on": "2026-03-05 12:04:51"
    },
    "package": "",
    "timeout": false,
    "tlp": null,
    "parent_sample": null,
    "options": {},
    "source_url": null,
    "route": "",
    "user_id": 0,
    "CAPE_current_commit": "a9a0887dab232f52c59e955b9984dd494c47ce6b"
  },
  "behavior": {
    "processes": [
      {
        "process_id": 4048,
        "process_name": "cmd.exe",
        "parent_id": 532,
        "module_path": "C:\\Windows\\SysWOW64\\cmd.exe",
        "first_seen": "2026-03-05 09:04:03,949",
        "calls": [
          {
            "timestamp": "2026-03-05 09:04:04,418",
            "thread_id": "6696",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-05 09:04:04,418",
            "thread_id": "6696",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-05 09:04:04,418",
            "thread_id": "852",
            "caller": "0x77981c0e",
            "parentcaller": "0x7797dbb1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000007c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 3,
            "id": 2
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "32",
            "caller": "0x75c47322",
            "parentcaller": "0x75c47238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xf4\\x07\\x06\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xf4\\x07\\x06\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "32",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "32",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "852",
            "caller": "0x75c47322",
            "parentcaller": "0x75c47238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x88\\x00\\x00\\x00(\\xef\\xf7\\x05\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xfe\\xff\\xff\\xff0\\xef\\xf7\\x05\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "852",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "852",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "5372",
            "caller": "0x75c47322",
            "parentcaller": "0x75c47238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x88\\x00\\x00\\x00`\\xf0\\xe7\\x05\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xfe\\xff\\xff\\xffh\\xf0\\xe7\\x05\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "5372",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "5372",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "5104",
            "caller": "0x75c47322",
            "parentcaller": "0x75c47238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x88\\x00\\x00\\x00\\x88\\xf6\\xd7\\x05\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x90\\xf6\\xd7\\x05\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "5104",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-05 09:04:04,433",
            "thread_id": "5104",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x001809de",
            "parentcaller": "0x00186a0a",
            "category": "threading",
            "api": "NtOpenThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001fffff",
                "pretty_value": "THREAD_ALL_ACCESS"
              },
              {
                "name": "ProcessId",
                "value": "4048"
              },
              {
                "name": "ThreadId",
                "value": "18446744073651945471"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017e2df",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017e2ff",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadUILanguage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760a4da0"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017e2c8",
            "parentcaller": "0x00186a0a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x004\\xf9\\xaf\\x02\\x00\\xfa\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xfa\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00180a10",
            "parentcaller": "0x00186a0a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00180a10",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xfb\\xaf\\x02\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xf8\\xbd\\xc0s\\xc8M\\xc8s\\xfc\\x91\\xbe\\x04xZ\\xc3s\\xdc\\xfb\\xaf\\x02$\\xfd\\xaf\\x02L\\xfb\\xaf\\x02\\xd8,\\xbe\\x02\\xdeMt*\\xd0\\xf6\\xaf\\x02\\x86\\xe2\\x19["
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00180a10",
            "parentcaller": "0x00186a0a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00180a10",
            "parentcaller": "0x00186a0a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00180a10",
            "parentcaller": "0x00186a0a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000230"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\System"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00181f20",
            "parentcaller": "0x00186a0a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xd0\\xf4\\xc0s\\x80\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00178836",
            "parentcaller": "0x00180a55",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00 \\xfb\\xaf\\x02\\x00\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x08\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017884a",
            "parentcaller": "0x00180a55",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00 \\xfb\\xaf\\x02\\x00\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x08\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017e328",
            "parentcaller": "0x00180a55",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017e33f",
            "parentcaller": "0x00180a55",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017e3d7",
            "parentcaller": "0x00180a55",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017e36e",
            "parentcaller": "0x00180a55",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017e3a0",
            "parentcaller": "0x00180a55",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x001782d9",
            "parentcaller": "0x0017886a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 32
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x001782d9",
            "parentcaller": "0x0017886a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Command Processor"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00178319",
            "parentcaller": "0x0017886a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "DisableUNCCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DisableUNCCheck"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00178353",
            "parentcaller": "0x0017886a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "EnableExtensions"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\EnableExtensions"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x001783a3",
            "parentcaller": "0x0017886a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "DelayedExpansion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DelayedExpansion"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x001783dd",
            "parentcaller": "0x0017886a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "DefaultColor"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DefaultColor"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017842d",
            "parentcaller": "0x0017886a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "CompletionChar"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\CompletionChar"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017849e",
            "parentcaller": "0x0017886a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "PathCompletionChar"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\PathCompletionChar"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017852c",
            "parentcaller": "0x0017886a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "AutoRun"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\AutoRun"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00178540",
            "parentcaller": "0x0017886a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x001782d9",
            "parentcaller": "0x0017886a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 42
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x001782d9",
            "parentcaller": "0x0017886a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000230"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Command Processor"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0017855a",
            "parentcaller": "0x0017886a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x00178561",
            "parentcaller": "0x0017886a",
            "category": "misc",
            "api": "srand",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "seed",
                "value": "0x69a94704"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04773000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06fe0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ff1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-05 09:04:04,449",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07001000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x00178d99",
            "parentcaller": "0x001801ce",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x0018029d",
            "parentcaller": "0x00178dc1",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x02bf6a40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x001802b6",
            "parentcaller": "0x00178dc1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x0018029d",
            "parentcaller": "0x00178dc1",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x02bf6b40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb450bd8e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x001802b6",
            "parentcaller": "0x00178dc1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x0018029d",
            "parentcaller": "0x00178dc1",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x02bf6d00",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45caeb0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x001802b6",
            "parentcaller": "0x00178dc1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x0018029d",
            "parentcaller": "0x00178dc1",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x02bf6c40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x001802b6",
            "parentcaller": "0x00178dc1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x0018029d",
            "parentcaller": "0x00178dc1",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x02bf6780",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x001802b6",
            "parentcaller": "0x00178dc1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x00178de6",
            "parentcaller": "0x001801ce",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x0017aa00",
            "parentcaller": "0x001801ce",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c09000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x0017dcee",
            "parentcaller": "0x00178922",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c0a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x001789b1",
            "parentcaller": "0x00180a55",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00D{\\x9bw\\x08\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x10\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x00178797",
            "parentcaller": "0x001789c7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "g\\xa0*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xef\\x9f(\\x01\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-05 09:04:04,464",
            "thread_id": "6696",
            "caller": "0x00178797",
            "parentcaller": "0x001789c7",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6696"
              },
              {
                "name": "Module",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "Return Address",
                "value": "0x75c633ec"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178797",
            "parentcaller": "0x001789c7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178797",
            "parentcaller": "0x001789c7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178797",
            "parentcaller": "0x001789c7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178797",
            "parentcaller": "0x001789c7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178797",
            "parentcaller": "0x001789c7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178797",
            "parentcaller": "0x001789c7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178797",
            "parentcaller": "0x001789c7",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 1,
            "id": 74
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178776",
            "parentcaller": "0x001789c7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178776",
            "parentcaller": "0x001789c7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178776",
            "parentcaller": "0x001789c7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178776",
            "parentcaller": "0x001789c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178776",
            "parentcaller": "0x001789c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178776",
            "parentcaller": "0x001789c7",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ff4000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x001789ef",
            "parentcaller": "0x00180a55",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x94\\xfb\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xc8\\xfa\\xaf\\x02\\x9c\\xfb\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x02\\x00\\x00\n\\x00\\x00\\x00\\xf0\\x81\\xc0\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178ac6",
            "parentcaller": "0x00180a55",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178ad7",
            "parentcaller": "0x00180a55",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "CopyFileExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76089730"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178aed",
            "parentcaller": "0x00180a55",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "IsDebuggerPresent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760920d0"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178afe",
            "parentcaller": "0x00180a55",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SetConsoleInputExeNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75cde190"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178b1e",
            "parentcaller": "0x00180a55",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04773000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0017e4f6",
            "parentcaller": "0x00180b09",
            "category": "system",
            "api": "FindFixAndRun",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Command",
                "value": "start"
              },
              {
                "name": "Arguments",
                "value": " /wait \"\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\""
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0017adbc",
            "parentcaller": "0x0017e4f6",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xc0\\x94\\x01\\x010\\xf7\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x004\\x00\\x00\\x008\\xf7\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x02\\x00\\x00\\xd0\\x00\\x00\\x00\\x10\\xfa\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ff4000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07011000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04773000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04778000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07021000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07026000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0018744a",
            "parentcaller": "0x00186e48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0702b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0017dcee",
            "parentcaller": "0x00185d88",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c0f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00181d40",
            "parentcaller": "0x0017f680",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00181d4a",
            "parentcaller": "0x0017f680",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00181d67",
            "parentcaller": "0x0017f680",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x001858c1",
            "parentcaller": "0x00179c30",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x02bf66c0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x8e002877"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac2e"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00178b81",
            "parentcaller": "0x0017f9d3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00185f10",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": false,
            "return": "0xffffffffc000012f",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\" "
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x00185f10",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "CreateProcessW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\" "
              },
              {
                "name": "CreationFlags",
                "value": "0x00080410"
              },
              {
                "name": "ProcessId",
                "value": "0"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6696"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-05 09:04:04,605",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000228"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000228"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000023c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d4c000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d49000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d49000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d49000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d49000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x74d40000"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0xffffffffd474fc01",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x74d40000"
              },
              {
                "name": "InitRoutine",
                "value": "0x74d447e0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000244"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000244"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c5a000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c5a000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c5a000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c5a000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x76c00000"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-03-05 09:04:04,621",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000248"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000248"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": " \\xdd\\xf3\\x90\\xcd\\xec1jSx\\xbbm\\x9fR1\\xf7\\x9c\\x82\\xae\\xb8\\x04\\x8c\\xc4\\xf6|+\\xbf\\xc3\\x02)D\\x8d\\x8f\\x11\\xc8\"#\t\\xfeB\\x99\\x0c\\x88#\\xa0\\xda\\xcc2"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c00000"
              },
              {
                "name": "InitRoutine",
                "value": "0x76c336c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76991000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76991000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768a7000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x740c0000"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-03-05 09:04:04,668",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x740c0000"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x740c0000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x740f4330"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xe9\\xaf\\x02\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0>\\x0ft\\x84j\\xa3)X\\xea\\xaf\\x02\\xe1>\\x0ft"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000254"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x0019b71d",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x0019b730",
            "parentcaller": "0x00191e67",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xf1\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xc72\\x1a/0\\xf1\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x0017825c",
            "parentcaller": "0x00191e67",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\xb0\\xad\\xbe\\x02`\\xf1\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x80h\\xf1\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-03-05 09:04:04,683",
            "thread_id": "6696",
            "caller": "0x00178272",
            "parentcaller": "0x00191e67",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\xb0\\xad\\xbe\\x02`\\xf1\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x80h\\xf1\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x0019b78e",
            "parentcaller": "0x00191e67",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xf1\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x94\\x00\\x00\\x000\\xf1\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "shell32.dll"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x005b5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x771b4000"
              },
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x771ab000"
              },
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x771ab000"
              },
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x771aa000"
              },
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x771aa000"
              },
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\x00a\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00a\\x00r\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00t\\x00s\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00t\\x00i\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00a\\x00r\\x00"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shell32"
              },
              {
                "name": "DllBase",
                "value": "0x76c60000"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77994e10"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "SleepConditionVariableCS"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ce8040"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75b30000"
              },
              {
                "name": "FunctionName",
                "value": "WakeAllConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7799a570"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "EventWrite"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77991360"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "EventRegister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7795e140"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75ab0000"
              },
              {
                "name": "FunctionName",
                "value": "EventUnregister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77989ac0"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779624f0"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779a40c0"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77960780"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7799c2a0"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779952e0"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7798f5a0"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000027c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4048:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000027c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000027c"
              }
            ],
            "repeated": 1,
            "id": 199
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\shell32"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c60000"
              },
              {
                "name": "InitRoutine",
                "value": "0x76ddbf80"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x001bd000"
              },
              {
                "name": "ModuleName",
                "value": "cmd.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-03-05 09:04:04,699",
            "thread_id": "6696",
            "caller": "0x001867a3",
            "parentcaller": "0x001873e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x001bd000"
              },
              {
                "name": "ModuleName",
                "value": "cmd.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-03-05 09:04:04,714",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6696"
              },
              {
                "name": "Module",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "Return Address",
                "value": "0x760924ac"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-03-05 09:04:04,793",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\\comctl32"
              },
              {
                "name": "DllBase",
                "value": "0x737e0000"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-03-05 09:04:04,824",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6696"
              },
              {
                "name": "Module",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "Return Address",
                "value": "0x760924ac"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-03-05 09:04:04,886",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x737e0000"
              }
            ],
            "repeated": 1,
            "id": 206
          },
          {
            "timestamp": "2026-03-05 09:04:04,886",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SHCORE"
              },
              {
                "name": "DllBase",
                "value": "0x76190000"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-03-05 09:04:04,902",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x751c0000"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-03-05 09:04:04,918",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x751f0000"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-03-05 09:04:04,918",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x73710000"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-03-05 09:04:04,933",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-03-05 09:04:04,933",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x759e0000"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-03-05 09:04:04,949",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73710000"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-03-05 09:04:04,996",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 214
          },
          {
            "timestamp": "2026-03-05 09:04:04,996",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 4,
            "id": 215
          },
          {
            "timestamp": "2026-03-05 09:04:05,011",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x74d50000"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-03-05 09:04:05,011",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 12,
            "id": 217
          },
          {
            "timestamp": "2026-03-05 09:04:05,027",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x751f0000"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-03-05 09:04:05,027",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0E5AAE11-A475-4C5B-AB00-C66DE400274E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-03-05 09:04:05,027",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-03-05 09:04:05,027",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-03-05 09:04:05,043",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x751f0000"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-03-05 09:04:05,043",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-03-05 09:04:05,105",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 19,
            "id": 224
          },
          {
            "timestamp": "2026-03-05 09:04:05,136",
            "thread_id": "1372",
            "caller": "0x75c47322",
            "parentcaller": "0x75c47238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xf1i\\x07\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xf1i\\x07\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-03-05 09:04:05,136",
            "thread_id": "1372",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-03-05 09:04:05,136",
            "thread_id": "1372",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-03-05 09:04:05,136",
            "thread_id": "1372",
            "caller": "0x7798112f",
            "parentcaller": "0x7797f0c9",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CFGMGR32.dll"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-03-05 09:04:05,183",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 229
          },
          {
            "timestamp": "2026-03-05 09:04:05,199",
            "thread_id": "1372",
            "caller": "0x779812bc",
            "parentcaller": "0x77981427",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000384"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75f30000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0003b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-03-05 09:04:05,308",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 231
          },
          {
            "timestamp": "2026-03-05 09:04:05,308",
            "thread_id": "1372",
            "caller": "0x7798009f",
            "parentcaller": "0x77980824",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75f67000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-03-05 09:04:05,371",
            "thread_id": "1372",
            "caller": "0x77980147",
            "parentcaller": "0x77980824",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75f65000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-03-05 09:04:05,371",
            "thread_id": "1372",
            "caller": "0x77980175",
            "parentcaller": "0x77980824",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75f65000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-03-05 09:04:05,371",
            "thread_id": "1372",
            "caller": "0x77991ee8",
            "parentcaller": "0x77991e71",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-03-05 09:04:05,371",
            "thread_id": "1372",
            "caller": "0x77991ee8",
            "parentcaller": "0x77991ea1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77a59000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-03-05 09:04:05,418",
            "thread_id": "1372",
            "caller": "0x77969ddb",
            "parentcaller": "0x7797b530",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75f65000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-03-05 09:04:05,418",
            "thread_id": "1372",
            "caller": "0x7797f149",
            "parentcaller": "0x779823c8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-03-05 09:04:05,433",
            "thread_id": "1372",
            "caller": "0x77980da0",
            "parentcaller": "0x7796e523",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75f65000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-03-05 09:04:05,433",
            "thread_id": "1372",
            "caller": "0x77980da0",
            "parentcaller": "0x7796e523",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CFGMGR32"
              },
              {
                "name": "DllBase",
                "value": "0x75f30000"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "1372",
            "caller": "0x75f3d193",
            "parentcaller": "0x75f41bb5",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\DeviceApi\\CMApi"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "1372",
            "caller": "0x7796007d",
            "parentcaller": "0x75f38278",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "1372",
            "caller": "0x7796007d",
            "parentcaller": "0x75f38278",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\cfgmgr32"
              },
              {
                "name": "BaseAddress",
                "value": "0x75f30000"
              },
              {
                "name": "InitRoutine",
                "value": "0x75f3d450"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "1372",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75795000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "1372",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75795000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "1372",
            "caller": "0x75f3d6f5",
            "parentcaller": "0x75f3d654",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000003f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "$\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00#\\x00\\x00\\xc0\\xe6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "1372",
            "caller": "0x75f3c2c6",
            "parentcaller": "0x75f3c173",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000003f4"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "$\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x009\\x003\\x004\\x00d\\x008\\x00c\\x00f\\x006\\x00-\\x001\\x007\\x00e\\x00a\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00b\\x006\\x00c\\x008\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "1372",
            "caller": "0x75c51454",
            "parentcaller": "0x75335fd0",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000003f8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003fc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "1372",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "1372",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-03-05 09:04:05,589",
            "thread_id": "2768",
            "caller": "0x77981c0e",
            "parentcaller": "0x7797dbb1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000007c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-03-05 09:04:05,793",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\edputil"
              },
              {
                "name": "DllBase",
                "value": "0x736f0000"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "2768",
            "caller": "0x75c47322",
            "parentcaller": "0x75c47238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x1b\\x00\\x00\\x000\\xef}\\x07\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\xae\\x9aw8\\xef}\\x07\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "2768",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "2768",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "2768",
            "caller": "0x753910cb",
            "parentcaller": "0x77999570",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{934d8cf6-17ea-11f1-b6c8-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c4269a",
            "parentcaller": "0x7533601c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c4269a",
            "parentcaller": "0x753564ad",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c36ff1",
            "parentcaller": "0x75c36e4c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 259
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c37324",
            "parentcaller": "0x75c36e95",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000230"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c37324",
            "parentcaller": "0x75c36e95",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c37f8b",
            "parentcaller": "0x75334ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c36c2e",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x84\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00H\\x8dm|\\x1f\\x00\\x00\\x00\\x04@\\x00\\x10\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x009\\x003\\x004\\x00d\\x008\\x00c\\x00f\\x006\\x00-\\x001\\x007\\x00e\\x00a\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00b\\x006\\x00c\\x008\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c37f8b",
            "parentcaller": "0x75334ef4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c36ff1",
            "parentcaller": "0x75c36e4c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 266
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c37324",
            "parentcaller": "0x75c36e95",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000230"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c37324",
            "parentcaller": "0x75c36e95",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{c48439d1-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c37f8b",
            "parentcaller": "0x75334ebc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fc"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c37f8b",
            "parentcaller": "0x75334ef4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c408e0",
            "parentcaller": "0x75c493b6",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\MountPointManager"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InputBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c408e0",
            "parentcaller": "0x75c493b6",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\MountPointManager"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InputBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c4269a",
            "parentcaller": "0x75c4941a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c41999",
            "parentcaller": "0x75c416ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c408e0",
            "parentcaller": "0x75c493b6",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\MountPointManager"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InputBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c408e0",
            "parentcaller": "0x75c493b6",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\MountPointManager"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InputBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00c\\x004\\x008\\x004\\x003\\x009\\x00d\\x001\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c4269a",
            "parentcaller": "0x75c4941a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c43cc4",
            "parentcaller": "0x75357f12",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c41446",
            "parentcaller": "0x75357fda",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xa3\\xc3\\x02`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-03-05 09:04:05,808",
            "thread_id": "1372",
            "caller": "0x75c4269a",
            "parentcaller": "0x75357f2b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-03-05 09:04:06,355",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-03-05 09:04:07,433",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000414"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7678d700"
              },
              {
                "name": "Parameter",
                "value": "0x02c35090"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "3152"
              },
              {
                "name": "ProcessId",
                "value": "4048"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-03-05 09:04:07,433",
            "thread_id": "3152",
            "caller": "0x75c47322",
            "parentcaller": "0x75c47238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xf3\\x91\\x07\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xf3\\x91\\x07\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-03-05 09:04:07,433",
            "thread_id": "1372",
            "caller": "0x75c51454",
            "parentcaller": "0x7691b5fa",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000041c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-03-05 09:04:07,433",
            "thread_id": "3152",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000043c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x761ac6e0"
              },
              {
                "name": "Parameter",
                "value": "0x07027790"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5968"
              },
              {
                "name": "ProcessId",
                "value": "4048"
              },
              {
                "name": "Module",
                "value": "SHCORE.dll"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c47322",
            "parentcaller": "0x75c47238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xf1\\xa5\\x07\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8\\xf1\\xa5\\x07\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c565db",
            "parentcaller": "0x761de575",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00 \\x8f\\x02\\xd0\\x0f\\x00\\x00P\\x17\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5968"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737c4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737c4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737c4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737c4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7678795a",
            "parentcaller": "0x76785198",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\WindowsRuntime"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7678795a",
            "parentcaller": "0x767333c9",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7677f5a0",
            "parentcaller": "0x76733409",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.FileTypeAssociation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7677f650",
            "parentcaller": "0x7677f5fb",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "KeyInformation",
                "value": "y\\x1f\\x10\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00h\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00F\\x00i\\x00l\\x00e\\x00T\\x00y\\x00p\\x00e\\x00A\\x00s\\x00s\\x00o\\x00c\\x00i\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x01\\x00\\x00\\x00\\xffae^\\xff97w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xffc1\\x02\\x00#\\xffc1\\x02HR\\xffc3\\x02\\x00#\\xffc1\\x02\\xffe8\\xffef\\xffa5\\x07\\xffe4\\xffc1\\xffa1s\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa6Y~/Zyxv\\x00\\x00\\x00\\x00\\xff98Qxv;\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\x00\\x00\\xffa6\\x07\\x00\\x00\\x00\\x00\\x18\\xfff0\\xffa5\\x07\\xffe4\\xffc1\\xffa1s\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00VF~/Zyxv\\x00\\x00\\x00\\x00\\xffc93sv=\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\x00\\x00\\xffa6\\x07\\x00\\x00\\x00\\x00\\xffe0\\xffef\\xffa5\\x07\\xffbf\\xffa0\\xffa1s\\xffc0\\xfffa\\xffa5\\x07Zyxv8,\\xffc3s\\xffc93svX\\xfff0\\xffa5\\x076\\xffa7\\xffa1s$\\xff99\\xffc0s\\x0eF~/\\xff80\\xffeb\\xffa5\\x078,\\xffc3s\\xffc0\\xfffa\\xffa5\\x07\\xffd0\\xffa9\\xffb6s\\xfff6\\xffe0\\x19[\\xfffe\\xffff\\xffff\\xffff\\xffa4\\xfff0\\xffa5\\x07\\xffdf)\\xffa3s\\x1e\\x00\\x00\\x00X\\x1e\\xffc1sP$\\xffc1s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00I$\\xffc1sl#\\xffc1s\\x18*\\xffc3\\x02\\xffc8\\xffda\\xffc0s\\x19\\x01\\x02\\x00\\x14$\\xffc1sH\\x04\\x00\\x00\\xfffc#\\xffc1s\\xfff4\\xfff0\\xffa5\\x07\\xffbdVA+\\x00\\xffb2\\xffc3\\x02H\\x04\\x00\\x00\\x18*\\xffc3\\x02\\x18*\\x00\\x00\\xff80\\xfff0\\xffa5\\x07\\x00\\xffb2\\xffc3\\x02\\xffc0\\xfffa\\xffa5\\x07\\x00\\xffae\\xff9aw\\x19lG[\\xfffe\\xffff\\xffff\\xffff\\xffd8\\xfff0\\xffa5\\x07ayxv\\x00\\x00\\x00\\x00H\\x04\\x00\\x00\\xfff8Q\\xffc3\\x02\\x18\\x00\\x00\\x00H\\x04\\x00\\x00\\xfff4\\xfff0\\xffa5\\x07@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xfff1\\xffa5\\x
07\\xffc93sv\\x19\\x01\\x02\\x00\\x18*\\xffc3\\x02\\xffe0Pxv\\x10*\\xffc3\\x02PR\\xffc3\\x02\\x08\\xfff1\\xffa5\\x07\\x0f\\xfff3yv\\xfff8Q\\xffc3\\x02 \\xfff1\\xffa5\\x07\\x10*\\xffc3\\x02$\\xfff1\\xffa5\\x07-QxvL\\x04\\x00\\x00\\x00*\\xffc3\\x02"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c37324",
            "parentcaller": "0x75c36e95",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000450"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CustomAttributes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36ff1",
            "parentcaller": "0x75c36e4c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 314
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c37324",
            "parentcaller": "0x75c36e95",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7678795a",
            "parentcaller": "0x767333c9",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000454"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000448"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7677f5a0",
            "parentcaller": "0x76733409",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000454"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7677f650",
            "parentcaller": "0x7677f5fb",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00\\xffc2\\x02\\xff90M\\xffc3\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00z\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00z\\x02\\xffcc\\x01z\\x02\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x0c\nz\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffbe\\x02\\x08\nz\\x02\\x00\\x00\\xffa6\\x07|\\xffec\\xffa5\\x07\\xffae^\\xff97w\\x01\\x00\\x00\\x00\\xffae^\\xff97w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xffb3\\xffc3\\x02 \\xffb3\\xffc3\\x02pR\\xffc3\\x02 \\xffb3\\xffc3\\x02\\xffedB\\xff81v\\x14\\xffee\\xffa5\\x07\\x10-sv\\xfff0+\\xffc3\\x02\\xffe0 sv\\xffa8\\x12\\xffc2\\x02\\xff851sv\\x00\\xffed\\xffa5\\x07\\x7f/\\xffa3s\\xffa8\\x12\\xffc2\\x02\\x01\\x00\\x00\\x00i\\xffa7\\xff9fs\\xfff8\\xffec\\xffa5\\x07\\xffe4\\xffc1\\xffa1s\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffb6Z~/Zyxv\\x00\\x00\\x00\\x00\\xffc93sv8\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\x00\\x00\\xffa6\\x07\\x00\\x00\\x00\\x00\\xffc0\\xffec\\xffa5\\x07\\xffbf\\xffa0\\xffa1s\\xffc0\\xfffa\\xffa5\\x07Zyxv8,\\xffc3s\\xffc93sv8\\xffed\\xffa5\\x076\\xffa7\\xffa1s$\\xff99\\xffc0sn[~/`\\xffe8\\xffa5\\x078,\\xffc3s\\xffc0\\xfffa\\xffa5\\x07\\xffd0\\xffa9\\xffb6s\\xfff6\\xffe0\\x19[\\xfffe\\xffff\\xffff\\xffff\\xff84\\xffed\\xffa5\\x07\\xffdf)\\xffa3s\\x1e\\x00\\x00\\x00X\\x1e\\xffc1sP$\\xffc1s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00I$\\xffc1sl#\\xffc1s\\xfff8+\\xffc3\\x02\\xffc8\\xffda\\xffc0s\\x19\\x01\\x02\\x00\\x14$\\xffc1sH\\x04\\x00\\x00\\xfffc#\\xffc1s\\xffd8\\xffed\\xffa5\\x07\\xff9dKA+\\x00+\\xffc3\\x02H\\x04\\x00\\x00\\xfff8+\\xffc3\\x02\\xfff8+\\x00\\x00`\\xffed\\xffa5\\x07\\x00+\\xffc3\\x02\\xffc0\\xfffa\\xffa5\\x07\\x00\\xffae\\xff9aw\\x19lG[\\xfffe\\xffff\\xffff\\xffff\\xffbc\\xffed\\xffa5\\x07ayxv\\x00\\x00\\x00\\x00H\\x04\\x00\\x00\\x00\\x00z\\x02\\x18\\x00\\x00\\x00H\\x04\\x00\\x00
\\xffd8\\xffed\\xffa5\\x07@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x0cz\\x02\\xfff0\\xffed\\xffa5\\x07\\xffc93sv\\x19\\x01\\x02\\x00\\xfff8+\\xffc3\\x02\\xffe0Pxv\\xfff0+\\xffc3\\x02xR\\xffc3\\x02\\xffec\\xffed\\xffa5\\x07\\x0f\\xfff3yv\\xffec\\x07\\xff8av\\x04\\xffee\\xffa5\\x07\\xfff0+\\xffc3\\x02\\x08\\xffee\\xffa5\\x07-QxvT\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 1,
            "id": 322
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36c2e",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "ActivatableClasses"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "ServerType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c37324",
            "parentcaller": "0x75c36e95",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000458"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CustomAttributes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x7672d718",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x7672d718",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7677f5a0",
            "parentcaller": "0x76733409",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000044c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.FileTypeAssociation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7677f650",
            "parentcaller": "0x7677f5fb",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "KeyInformation",
                "value": "y\\x1f\\x10\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00h\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00F\\x00i\\x00l\\x00e\\x00T\\x00y\\x00p\\x00e\\x00A\\x00s\\x00s\\x00o\\x00c\\x00i\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x01\\x00\\x00\\x00\\xffae^\\xff97w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\x1a\\xffc1\\x02\\xff90\\x1a\\xffc1\\x02\\xfff0\r{v@\\xfff0\\xffa5\\x07\\xffb1,sv\\x02\\x00\\x00\\x00\\x10-svL\\x08\\xff8av\\xffe0 sv\\xffd8\\x14\\xffc2\\x02\\xff851sv\\x01\\x00\\x00\\x00\r\\x00\\x00\\x00\\xffd8\\x14\\xffc2\\x02\\x01\\x00\\x00\\x00\\xffb8D\\xffc0\\x02<H\\xffc0\\x02L\\x08\\xff8avbWrv\\xff80\\xffb3\\xffc3\\x02\\x1e\\x00\\xff8av\\xffec\\x14\\xffc2\\x028\\xff87\\xffc2\\x02\\xff80\\xffad\\xffc1\\x02\\xffc0TrvD\\x00\\xff8avAYrv\\x00\\x00\\x00\\x00\\xff90\\x1a\\xffc1\\x02\\x08\\xffeb\\xff89v\\xffe0 svD\\x00\\xff8av\\x00\\x00\\x00\\x00\\xfffc\\xffc9hv\\xff80\\xffb3\\xffc3\\x02 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc3m\\xff81\\x00\\x1e\\x00\\xff8av\r\\xffc1\\xff95\\x12\\x00\\x00\\x00\\x00D{\\xff9bw\\xffd0*\\xffc3\\x02 \\x00\\x00\\x00(\\x00\\x1b\\x00 \\x00\\x00\\x00\\x15\\x00\\x15\\x00\\xfff8\\xffef\\xffa5\\x07,\\x0e\\xffc2\\x02\\xfff8Q\\xffc3\\x02Oc\\xff97wS\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffbe\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00.\\x00\\x12\\x00@\\x00\\x00\\x00\\xffd0\\x07z\\x02P\\x00\\x00\\x00\\xffd0\\x07z\\x02d\\x00\\x00\\x00 
\\x00\\x00\\x00P\\x00\\x00\\x00\\x10\\xffac\\xffc1\\x02\\x00\\x12\\xffbe\\x02\\xff80\\xffad\\xffc1\\x02\\xff80\\xffad\\xffc1\\x02\\x00\\x00\\x00\\x00\\xff90\\x1a\\xffc1\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00z\\x02\\xffe0\\x01z\\x02\\x00\\x00\\x00\\x00D\\x00\\x00\\x00\\x14\\x0cz\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffbe\\x02\\x10\\x0cz\\x02\\xffae^\\xff97w\\x14\\xfff0\\xffa5\\x07\\xffae^\\xff97w\\xff80\\xffad\\xffc1\\x02\\xffae^\\xff97w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\x1a\\xffc1\\x02\\xff80\\xffad\\xffc1\\x02x\\xfff0\\xffa5\\x07\\xffd8\\x14\\xffc2\\x02\\xff90\\x1a\\xffc1\\x02H\\xfff0\\xffa5\\x070\\xffc3rv\\xfff0\\x14\\xffc2\\x02"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c37324",
            "parentcaller": "0x75c36e95",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000450"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CustomAttributes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000450"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7677f5a0",
            "parentcaller": "0x76733409",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000454"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7677f650",
            "parentcaller": "0x7677f5fb",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00\\xffc2\\x02\\xff90M\\xffc3\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00z\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00z\\x02\\xffcc\\x01z\\x02\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x0c\nz\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffbe\\x02\\x08\nz\\x02\\x00\\x00\\xffa6\\x07\\xff8c\\xffeb\\xffa5\\x07\\xffae^\\xff97w\\x01\\x00\\x00\\x00\\xffae^\\xff97w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xffb8\\xffc3\\x020\\xffb8\\xffc3\\x02\\xffdc\\xfffb\\xffc1\\x04$\\xffed\\xffa5\\x07\\xffb1,sv\\x02\\x00\\x00\\x00\\x10-svL\\x07\\xff8av\\xffe0 sv\\xffa8\\x12\\xffc2\\x02\\xff851sv\\x10\\xffec\\xffa5\\x07\\x7f/\\xffa3s\\xffa8\\x12\\xffc2\\x02\\x01\\x00\\x00\\x00L%\\xffc1s\\x00\\x00\\x00\\x00L\\x07\\xff8av_%\\xffc1s\\x14\\xffec\\xffa5\\x07\\xffe4\\xffc1\\xffa1s\\xffbc\\x12\\xffc2\\x02\\x00\\x00\\x00\\x00\\x00\\xffb1\\xffc1\\x02cj\\xffc3u\\x00\\x00\\x00\\x00Sh\\xffc3u \\x00\\x00\\x000\\xffb8\\xffc3\\x02\\x08\\xffeb\\xff89v\\xffe0 sv\\xff88\\xffec\\xffa5\\x07Oc\\xff97wK\\x00\\x00\\x00 \\x00\\x00\\x00l\\xffed\\xffa5\\x07\\x00\\x00\\xffbe\\x02T\\xffec\\xffa5\\x07\\xffdc\\xfffb\\xffc1\\x04\\xffd0\\xffec\\xffa5\\x07rZ~/ \\x00\\x00\\x00\\x02\\x00\\x00\\x00@\\x00\\x00\\x00\\xffd0\\x07z\\x02 \\x00\\x00\\x00\\x14\\x00\\x15\\x00\\xffd8\\xffec\\xffa5\\x07,\\x0e\\xffc2\\x02HR\\xffc3\\x02Oc\\xff97w\\x14\\x00\\x00\\x00 
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffbe\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00z\\x02\\xffd8\\x01z\\x02\\x00\\x00\\x00\\x008\\x00\\x00\\x00P\\x00\\x00\\x00\\xffd0\\x07z\\x02d\\x00\\x00\\x00\\x00\\xffb8\\xffc3\\x02P\\x00\\x00\\x00\\xffa4\\xffec\\xffa5\\x07\\x00\\x12\\xffbe\\x02\\x00\\xffb1\\xffc1\\x02\\x00\\xffb1\\xffc1\\x02\\x00\\x00\\x00\\x000\\xffb8\\xffc3\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00z\\x02\\xffe0\\x01z\\x02\\x00\\x00\\x00\\x00D\\x00\\x00\\x00\\x14\\x0cz\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffbe\\x02\\x10\\x0cz\\x02\\x18\\xffb1\\xffc1\\x02\\xffa8\\x12\\xffc2\\x02\\xfff0\\xffec\\xffa5\\x07d\\xfffarv\\xffc0\\x12\\xffc2\\x02\\x00\\x00\\x00\\x00\\xffa8\\x12\\xffc2\\x02\\x00\\xffb1\\xffc1\\x02\\xffa8\\x12\\xffc2\\x02\\x18\\xffed\\xffa5\\x07+\\xv@\\xffd3\\xffc2\\x02\\xffcc\\xffc2fv\\x00\\xffb1\\xffc1\\x02\\xffe0[xv"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 1,
            "id": 352
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36c2e",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "ActivatableClasses"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "ServerType"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000458"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c37324",
            "parentcaller": "0x75c36e95",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000458"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CustomAttributes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x7672d718",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x7672d718",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x75c51454",
            "parentcaller": "0x7691b5fa",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000458"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x7690c752",
            "parentcaller": "0x7690c6e6",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-03-05 09:04:07,668",
            "thread_id": "5968",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c47000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-03-05 09:04:07,730",
            "thread_id": "5968",
            "caller": "0x75c4074f",
            "parentcaller": "0x7671cd1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-03-05 09:04:07,730",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x7671cd30",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetMarshalSizeMax"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7671d500"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-03-05 09:04:07,730",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x7671cd41",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x767472f0"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-03-05 09:04:07,730",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x7671cd52",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76745d80"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-03-05 09:04:07,730",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x7671cd63",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7671db30"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-03-05 09:04:07,871",
            "thread_id": "5968",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c48000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-03-05 09:04:07,871",
            "thread_id": "5968",
            "caller": "0x75c51454",
            "parentcaller": "0x76753f33",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000464"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c5c6fe",
            "parentcaller": "0x75c45f8b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c41137",
            "parentcaller": "0x75c5d521",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c457c5",
            "parentcaller": "0x75c45b43",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 375
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c45736",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c5c6fe",
            "parentcaller": "0x75c458a4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c45900",
            "parentcaller": "0x75c458e0",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x767895e5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x767472f0"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x76789603",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76745d80"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x76789621",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x766cb480"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x7678963b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76767f90"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x76789655",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x767683b0"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x7678966f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7673e550"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x76789689",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76660000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7671db30"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x76789494",
            "parentcaller": "0x779610df",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x76746517",
            "parentcaller": "0x7674dbf3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-03-05 09:04:07,886",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000031a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xda\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xdaT\\xdaH\\xdan\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xf0\\xdc\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xd9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xda,\\xda \\xdar\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc8\\xdc\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x76714ee5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x76714ef1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-03-05 09:04:08,168",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xce\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xcf\\xcc\\xce\\xc0\\xcen\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00h\\xd1\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x766f4e60",
            "parentcaller": "0x766f4e10",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 413
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xcd\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x04\\xce\\xb4\\xcd\\xa8\\xcdn\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02P\\xd0\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xcd\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xcd\\x8c\\xcd\\x80\\xcdn\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02(\\xd0\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xcd\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xcd\\x8c\\xcd\\x80\\xcdn\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02(\\xd0\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xcd\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xce\\x1c\\xce\\x10\\xcen\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xb8\\xd0\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xcc\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xcd4\\xcd(\\xcdr\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xcf\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xcd\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xac\\xcd\\\\xcdP\\xcdr\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xf8\\xcf\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xcd\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xac\\xcd\\\\xcdP\\xcdr\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xf8\\xcf\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-03-05 09:04:08,324",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\SysWOW64\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xcc\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00d\\xcd\\x14\\xcd\\x08\\xcdr\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb0\\xcf\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x766f2ce5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xcd\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x04\\xce\\xb4\\xcd\\xa8\\xcdn\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\xd0\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xcd\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x04\\xce\\xb4\\xcd\\xa8\\xcdn\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\xd0\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x766f4c0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xca\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xcb\\x1c\\xcb\\x10\\xcbn\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb8\\xcd\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x766f4e60",
            "parentcaller": "0x766f4e10",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 474
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xca\\x04\\xca\\xf8\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xcc\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xca\\xdc\\xc9\\xd0\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xcc\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xca\\xdc\\xc9\\xd0\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xcc\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xca\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbc\\xcal\\xca`\\xcan\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x08\\xcd\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xc9\\x84\\xc9x\\xc9r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xcc\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xc9\\xac\\xc9\\xa0\\xc9r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xcc\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xc9\\xac\\xc9\\xa0\\xc9r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xcc\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\SysWOW64\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xb4\\xc9d\\xc9X\\xc9r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xcc\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x766f2ce5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xca\\x04\\xca\\xf8\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa0\\xcc\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xca\\x04\\xca\\xf8\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa0\\xcc\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x766f4c0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xca\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xc4\\xcat\\xcah\\xcan\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\xcd\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x766f4e60",
            "parentcaller": "0x766f4e10",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 535
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xac\\xc9\\\\xc9P\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xf8\\xcb\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xc8\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xc94\\xc9(\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xcb\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xc8\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xc94\\xc9(\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xcb\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xca\\xc4\\xc9\\xb8\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00`\\xcc\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc8\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xc9\\xdc\\xc8\\xd0\\xc8r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xcb\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc8\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc9\\x04\\xc9\\xf8\\xc8r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xcb\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc8\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc9\\x04\\xc9\\xf8\\xc8r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xcb\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\SysWOW64\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc8\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x0c\\xc9\\xbc\\xc8\\xb0\\xc8r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02X\\xcb\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x766f2ce5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-03-05 09:04:08,339",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xac\\xc9\\\\xc9P\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf8\\xcb\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xac\\xc9\\\\xc9P\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf8\\xcb\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc8\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xc9\\x0c\\xc9\\x00\\xc9n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xa8\\xcb\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xc8\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xc8\\x8c\\xc8\\x80\\xc8n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02(\\xcb\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc8\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xc9\\xc4\\xc8\\xb8\\xc8n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00`\\xcb\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xca\\xc4\\xc9\\xb8\\xc9r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00`\\xcc\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000472"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Elevation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x7677b464",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x766f4c0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000031a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xd7\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00D\\xd8\\xf4\\xd7\\xe8\\xd7n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x90\\xda\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x76716c98",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc6\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xac\\xc6\\\\xc6P\\xc6n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf8\\xc8\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x766f4e60",
            "parentcaller": "0x766f4e10",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 633
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xc5\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xc5D\\xc58\\xc5n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xc7\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xc5\\x1c\\xc5\\x10\\xc5n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xc7\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xc5\\x1c\\xc5\\x10\\xc5n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xc7\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc5\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xc5\\xac\\xc5\\xa0\\xc5n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00H\\xc8\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000470"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xc5\\xc4\\xc4\\xb8\\xc4r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02`\\xc7\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xc5\\xec\\xc4\\xe0\\xc4r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x88\\xc7\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xc5\\xec\\xc4\\xe0\\xc4r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x88\\xc7\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\SysWOW64\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xc4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xc4\\xa4\\xc4\\x98\\xc4r\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xc7\\xa5\\x07\\xdct\\xc3ur\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000472"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x766f2ce5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000472"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xc5\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xc5D\\xc58\\xc5n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\\xc7\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xc5\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xc5D\\xc58\\xc5n\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\\xc7\\xa5\\x07\\xdct\\xc3un\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000046e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-03-05 09:04:08,355",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x766f4c0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-03-05 09:04:09,480",
            "thread_id": "5968",
            "caller": "0x75c41d96",
            "parentcaller": "0x76726166",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS"
              },
              {
                "name": "DllBase",
                "value": "0x73650000"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-03-05 09:04:09,683",
            "thread_id": "5968",
            "caller": "0x75c41d96",
            "parentcaller": "0x76726166",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73650000"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-03-05 09:04:09,683",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x76726104",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73650000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x736cc840"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-03-05 09:04:09,683",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x76726116",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73650000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-03-05 09:04:09,683",
            "thread_id": "5968",
            "caller": "0x75c496ea",
            "parentcaller": "0x76726133",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73650000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x736cc820"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-03-05 09:04:10,496",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-03-05 09:04:10,496",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-03-05 09:04:10,496",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000031a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xd9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00d\\xda\\x14\\xda\\x08\\xda~\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xb0\\xdc\\xa5\\x07\\xdct\\xc3u~\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000047e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000482"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000482"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xd9\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xda\\xec\\xd9\\xe0\\xd9\\x82\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x88\\xdc\\xa5\\x07\\xdct\\xc3u\\x82\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000482"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x76714ee5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000482"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x76714ef1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x76739f95",
            "parentcaller": "0x76739e12",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x779862aa",
            "parentcaller": "0x75c5ab19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x779862d1",
            "parentcaller": "0x75c5ab19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x7690c752",
            "parentcaller": "0x7690c6e6",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76991000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76991000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x7690cb9a",
            "parentcaller": "0x7690c722",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-03-05 09:04:10,964",
            "thread_id": "5968",
            "caller": "0x77997aa9",
            "parentcaller": "0x7690ea37",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-03-05 09:04:10,980",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-03-05 09:04:10,980",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000031a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-03-05 09:04:10,980",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000031a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xe1\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xe1\\xa4\\xe1\\x98\\xe1z\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00@\\xe4\\xa5\\x07\\xdct\\xc3uz\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000047a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe1\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xe1|\\xe1p\\xe1~\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x18\\xe4\\xa5\\x07\\xdct\\xc3u~\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x76714ee5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x76714ef1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047a"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c427d9",
            "parentcaller": "0x75c42732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xd5\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xd6\\x1c\\xd6\\x10\\xd6z\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb8\\xd8\\xa5\\x07\\xdct\\xc3uz\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000047a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x766f4e60",
            "parentcaller": "0x766f4e10",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 741
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xd4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xd5\\x04\\xd5\\xf8\\xd4z\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xd7\\xa5\\x07\\xdct\\xc3uz\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xd4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xd5\\xdc\\xd4\\xd0\\xd4z\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xd7\\xa5\\x07\\xdct\\xc3uz\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xd4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xd5\\xdc\\xd4\\xd0\\xd4z\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xd7\\xa5\\x07\\xdct\\xc3uz\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xd5\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbc\\xd5l\\xd5`\\xd5z\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x08\\xd8\\xa5\\x07\\xdct\\xc3uz\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000047a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xd4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xd4\\x84\\xd4x\\xd4~\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xd7\\xa5\\x07\\xdct\\xc3u~\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xd4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xd4\\xac\\xd4\\xa0\\xd4~\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xd7\\xa5\\x07\\xdct\\xc3u~\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xd4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xd4\\xac\\xd4\\xa0\\xd4~\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xd7\\xa5\\x07\\xdct\\xc3u~\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\SysWOW64\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c33823",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xd4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xb4\\xd4d\\xd4X\\xd4~\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xd7\\xa5\\x07\\xdct\\xc3u~\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c33859",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c36a63",
            "parentcaller": "0x75c36853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x766f2ce5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xd4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xd5\\x04\\xd5\\xf8\\xd4z\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa0\\xd7\\xa5\\x07\\xdct\\xc3uz\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000047a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c3785b",
            "parentcaller": "0x75c2c23e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c374dc",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x77983999",
            "parentcaller": "0x75c37724",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xd4\\xa5\\x07\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xd5\\x04\\xd5\\xf8\\xd4z\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa0\\xd7\\xa5\\x07\\xdct\\xc3uz\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37575",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37688",
            "parentcaller": "0x75c2c25b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000047a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c37f8b",
            "parentcaller": "0x766f4c0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047a"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x75c565db",
            "parentcaller": "0x761ad09f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00 \\x8f\\x02\\xd0\\x0f\\x00\\x00P\\x17\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5968"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7620c000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-03-05 09:04:11,058",
            "thread_id": "5968",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7620c000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-03-05 09:04:11,543",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.UI.AppDefaults.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-03-05 09:04:11,652",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6696"
              },
              {
                "name": "Module",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "Return Address",
                "value": "0x760924ac"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-03-05 09:04:11,652",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x737e0000"
              }
            ],
            "repeated": 1,
            "id": 798
          },
          {
            "timestamp": "2026-03-05 09:04:11,746",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-03-05 09:04:12,105",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-03-05 09:04:12,433",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-03-05 09:04:12,433",
            "thread_id": "5968",
            "caller": "0x7797ff5f",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7620c000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-03-05 09:04:12,433",
            "thread_id": "5968",
            "caller": "0x7797ff94",
            "parentcaller": "0x7797fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7620c000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-03-05 09:04:12,433",
            "thread_id": "5968",
            "caller": "0x75c565db",
            "parentcaller": "0x761de575",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00 \\x8f\\x02\\xd0\\x0f\\x00\\x00P\\x17\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5968"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-03-05 09:04:12,433",
            "thread_id": "5968",
            "caller": "0x76746517",
            "parentcaller": "0x7674dbf3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-03-05 09:04:12,449",
            "thread_id": "5968",
            "caller": "0x76739f95",
            "parentcaller": "0x76739e12",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-03-05 09:04:12,449",
            "thread_id": "5968",
            "caller": "0x779862aa",
            "parentcaller": "0x75c5ab19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-03-05 09:04:12,449",
            "thread_id": "5968",
            "caller": "0x779862d1",
            "parentcaller": "0x75c5ab19",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-03-05 09:04:12,449",
            "thread_id": "5968",
            "caller": "0x75c565db",
            "parentcaller": "0x761ad09f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00 \\x8f\\x02\\xd0\\x0f\\x00\\x00P\\x17\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5968"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-03-05 09:04:12,605",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c60000"
              }
            ],
            "repeated": 1,
            "id": 810
          },
          {
            "timestamp": "2026-03-05 09:04:13,105",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\apphelp"
              },
              {
                "name": "DllBase",
                "value": "0x74ba0000"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-03-05 09:04:13,121",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-03-05 09:04:13,121",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-03-05 09:04:14,027",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-03-05 09:04:14,355",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x73290000"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-03-05 09:04:14,371",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73290000"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-03-05 09:04:14,511",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E44E9428-BDBC-4987-A099-40DC8FD255E7"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "7F9185B0-CB92-43C5-80A9-92277A4F7B54"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-03-05 09:04:14,511",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 818
          },
          {
            "timestamp": "2026-03-05 09:04:14,699",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\oleaut32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-03-05 09:04:15,511",
            "thread_id": "1372",
            "caller": "0x7676693d",
            "parentcaller": "0x767a08c6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000202ee"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 1,
            "id": 820
          },
          {
            "timestamp": "2026-03-05 09:04:16,636",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x73250000"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-03-05 09:04:16,636",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73250000"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-03-05 09:04:16,746",
            "thread_id": "1372",
            "caller": "0x7676693d",
            "parentcaller": "0x767a08c6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000202ee"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-03-05 09:04:17,339",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\ActXPrxy"
              },
              {
                "name": "DllBase",
                "value": "0x73200000"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-03-05 09:04:17,355",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\actxprxy.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73200000"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-03-05 09:04:17,808",
            "thread_id": "1372",
            "caller": "0x7676693d",
            "parentcaller": "0x767a08c6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000202ee"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 3,
            "id": 826
          },
          {
            "timestamp": "2026-03-05 09:04:17,808",
            "thread_id": "1372",
            "caller": "0x77970857",
            "parentcaller": "0x7797055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-03-05 09:04:17,808",
            "thread_id": "1372",
            "caller": "0x7676693d",
            "parentcaller": "0x767a08c6",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000202ee"
              },
              {
                "name": "Message",
                "value": "0x00000400"
              }
            ],
            "repeated": 14,
            "id": 828
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x0019b7b9",
            "parentcaller": "0x00191e67",
            "category": "process",
            "api": "ShellExecuteExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FilePath",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt"
              },
              {
                "name": "Parameters",
                "value": ""
              },
              {
                "name": "Show",
                "value": "1",
                "pretty_value": "SW_SHOWNORMAL"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x0019b802",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x0019b802",
            "parentcaller": "0x00191e67",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76b60000"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x00185fbc",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07028000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x00185fbc",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07020000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x00185fd8",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07020000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x00185fd8",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0701c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x00185fd8",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04778000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x00185fe4",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0701c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x00185ff4",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07014000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x00186004",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04773000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x00186020",
            "parentcaller": "0x00185a80",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07014000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x0017e328",
            "parentcaller": "0x00186a0a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\xcc\\xfb\\xaf\\x02p\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x82Mt*x\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x0017e33f",
            "parentcaller": "0x00186a0a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x0017e3d7",
            "parentcaller": "0x00186a0a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x0017e36e",
            "parentcaller": "0x00186a0a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-03-05 09:04:18,433",
            "thread_id": "6696",
            "caller": "0x0017e3a0",
            "parentcaller": "0x00186a0a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-03-05 09:04:18,449",
            "thread_id": "6696",
            "caller": "0x00180aa9",
            "parentcaller": "0x00186a0a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00i\\xa7\\x9fs\\x88\\xfc\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-03-05 09:04:18,449",
            "thread_id": "6696",
            "caller": "0x0017e2c8",
            "parentcaller": "0x00186a0a",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x004\\xf9\\xaf\\x02\\x00\\xfa\\xaf\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xfa\\xaf\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-03-05 09:04:18,449",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x04771c30"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-03-05 09:04:18,449",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07028000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ff4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07028000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06fe1000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07028000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x061a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "NtUpdateWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779a4770"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b0"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e4"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x071e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "NtUpdateWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x779a4770"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7798f5a0"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07550000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04850000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7798f5a0"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000288"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000027c"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7798f5a0"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04778000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001dc"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d8"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b8"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001bc"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b4"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000019c"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a0"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a4"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a8"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ac"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b0"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ef2000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ef2000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000194"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000198"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000190"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-03-05 09:04:18,621",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7798f5a0"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000464"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000174"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000178"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000017c"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000180"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000184"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000018c"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000188"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000154"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000158"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000150"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000144"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000148"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000140"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000013c"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000138"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f6"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000011c"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000120"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000ec"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f0"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f4"
              },
              {
                "name": "ValueName",
                "value": "DisableMetaFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f4"
              },
              {
                "name": "ValueName",
                "value": "DisableUmpdBufferSizeCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7798f5a0"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e8"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e4"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e0"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77930000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7798f5a0"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d4"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000a0"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000b0"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000b4"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-03-05 09:04:18,636",
            "thread_id": "6696",
            "caller": "0x00180ae0",
            "parentcaller": "0x00186a0a",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 987
          }
        ],
        "threads": [
          "6696",
          "852",
          "32",
          "5372",
          "5104",
          "1372",
          "2768",
          "3152",
          "5968"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Windows\\system32\\cmd.exe\" /c start /wait \"\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\"",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x00170000",
          "MainExeSize": "0x0005a000",
          "Bitness": "32-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      }
    ],
    "anomaly": [],
    "processtree": [
      {
        "name": "cmd.exe",
        "pid": 4048,
        "parent_id": 532,
        "module_path": "C:\\Windows\\SysWOW64\\cmd.exe",
        "children": [],
        "threads": [
          "6696",
          "852",
          "32",
          "5372",
          "5104",
          "1372",
          "2768",
          "3152",
          "5968"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Windows\\system32\\cmd.exe\" /c start /wait \"\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\"",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x00170000",
          "MainExeSize": "0x0005a000",
          "Bitness": "32-bit"
        }
      }
    ],
    "summary": {
      "files": [
        "C:\\Users\\cape\\AppData\\Local\\Temp",
        "C:\\Users",
        "C:\\Users\\cape",
        "C:\\Users\\cape\\AppData",
        "C:\\Users\\cape\\AppData\\Local",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt",
        "C:\\Windows\\System32\\kernel.appcore.dll",
        "\\Device\\CNG",
        "\\Device\\DeviceApi\\CMApi",
        "\\??\\MountPointManager"
      ],
      "read_files": [],
      "write_files": [],
      "delete_files": [],
      "keys": [
        "HKEY_CURRENT_USER",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DisableUNCCheck",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\EnableExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DelayedExpansion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DefaultColor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\CompletionChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\PathCompletionChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\AutoRun",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck"
      ],
      "read_keys": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DisableUNCCheck",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\EnableExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DelayedExpansion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DefaultColor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\CompletionChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\PathCompletionChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\AutoRun",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck"
      ],
      "write_keys": [],
      "delete_keys": [],
      "executed_commands": [
        "\"C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\"",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt "
      ],
      "resolved_apis": [],
      "mutexes": [
        "Local\\SM0:4048:168:WilStaging_02"
      ],
      "created_services": [],
      "started_services": []
    },
    "enhanced": [
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:04,449",
        "eid": 1,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,449",
        "eid": 2,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DisableUNCCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,449",
        "eid": 3,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\EnableExtensions",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,449",
        "eid": 4,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DelayedExpansion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,449",
        "eid": 5,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\DefaultColor",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,449",
        "eid": 6,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\CompletionChar",
          "content": "9"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,449",
        "eid": 7,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\PathCompletionChar",
          "content": "9"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,449",
        "eid": 8,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Command Processor\\AutoRun",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,605",
        "eid": 9,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,605",
        "eid": 10,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,605",
        "eid": 11,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:04,605",
        "eid": 12,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 09:04:04,605",
        "eid": 13,
        "data": {
          "file": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:04,605",
        "eid": 14,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,621",
        "eid": 15,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,668",
        "eid": 16,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,668",
        "eid": 17,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,668",
        "eid": 18,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:04,668",
        "eid": 19,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x740c0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:04,683",
        "eid": 20,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:04,699",
        "eid": 21,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:04,699",
        "eid": 22,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:04,699",
        "eid": 23,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:04,886",
        "eid": 24,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x737e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:04,933",
        "eid": 25,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76070000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:04,949",
        "eid": 26,
        "data": {
          "file": "C:\\Windows\\System32\\propsys.dll",
          "pathtofile": null,
          "moduleaddress": "0x73710000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:05,027",
        "eid": 27,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x751f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:05,043",
        "eid": 28,
        "data": {
          "file": "C:\\Windows\\System32\\windows.storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x751f0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:05,808",
        "eid": 29,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:05,808",
        "eid": 30,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x84\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00H\\x8dm|\\x1f\\x00\\x00\\x00\\x04@\\x00\\x10\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x009\\x003\\x004\\x00d\\x008\\x00c\\x00f\\x006\\x00-\\x001\\x007\\x00e\\x00a\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x00b\\x006\\x00c\\x008\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:05,808",
        "eid": 31,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 32,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 33,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 34,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 35,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 36,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 37,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 38,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 39,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 40,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 41,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 42,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 43,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 44,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 45,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 46,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 47,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 48,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 49,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 50,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 51,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 52,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 53,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 54,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 55,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 56,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 57,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 58,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 59,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 60,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 61,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 62,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 63,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 64,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 65,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 66,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 67,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 68,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 69,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 70,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 71,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 72,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 73,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 74,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:07,668",
        "eid": 75,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:07,730",
        "eid": 76,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,168",
        "eid": 77,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,324",
        "eid": 78,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,324",
        "eid": 79,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,324",
        "eid": 80,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,324",
        "eid": 81,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,324",
        "eid": 82,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,324",
        "eid": 83,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\SysWOW64\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 84,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 85,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 86,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 87,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 88,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 89,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 90,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\SysWOW64\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 91,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 92,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 93,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 94,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 95,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 96,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 97,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\SysWOW64\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,339",
        "eid": 98,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,355",
        "eid": 99,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,355",
        "eid": 100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,355",
        "eid": 101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,355",
        "eid": 102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,355",
        "eid": 103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,355",
        "eid": 104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,355",
        "eid": 105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\SysWOW64\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:08,355",
        "eid": 106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:09,683",
        "eid": 107,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll",
          "pathtofile": null,
          "moduleaddress": "0x73650000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:10,964",
        "eid": 108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:11,058",
        "eid": 109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:11,058",
        "eid": 110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:11,058",
        "eid": 111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:11,058",
        "eid": 112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:11,058",
        "eid": 113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:11,058",
        "eid": 114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:11,058",
        "eid": 115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\SysWOW64\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:11,058",
        "eid": 116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:11,543",
        "eid": 117,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.UI.AppDefaults.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:11,652",
        "eid": 118,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x737e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:11,746",
        "eid": 119,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x77930000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:12,605",
        "eid": 120,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76c60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:13,121",
        "eid": 121,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x77930000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:14,371",
        "eid": 122,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\OneCoreUAPCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x73290000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:14,699",
        "eid": 123,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76b60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:16,636",
        "eid": 124,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\OneCoreCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x73250000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:17,355",
        "eid": 125,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\actxprxy.dll",
          "pathtofile": null,
          "moduleaddress": "0x73200000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-03-05 09:04:18,433",
        "eid": 126,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:18,433",
        "eid": 127,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:18,449",
        "eid": 128,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:18,621",
        "eid": 129,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:18,621",
        "eid": 130,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:18,621",
        "eid": 131,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:18,621",
        "eid": 132,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:18,636",
        "eid": 133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-05 09:04:18,636",
        "eid": 134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:18,636",
        "eid": 135,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-05 09:04:18,636",
        "eid": 136,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      }
    ],
    "encryptedbuffers": [],
    "network_map": {
      "endpoint_map": {},
      "http_host_map": {},
      "dns_intents": {},
      "http_requests": [],
      "winhttp_sessions": []
    }
  },
  "debug": {
    "log": "2026-03-05 02:28:18,262 [root] INFO: Date set to: 20260305T12:03:30, timeout set to: 60\n2026-03-05 12:03:30,152 [root] DEBUG: Starting analyzer from: C:\\nrmtx0xa\n2026-03-05 12:03:30,199 [root] DEBUG: Storing results at: C:\\sOBLrUTEk\n2026-03-05 12:03:30,230 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\YmAxTshEz\n2026-03-05 12:03:30,246 [root] DEBUG: Python path: C:\\Python310\n2026-03-05 12:03:30,246 [root] INFO: analysis running as an admin\n2026-03-05 12:03:30,277 [root] DEBUG: no analysis package configured, picking one for you\n2026-03-05 12:03:30,339 [root] INFO: analysis package selected: \"generic\"\n2026-03-05 12:03:30,339 [root] DEBUG: importing analysis package module: \"modules.packages.generic\"...\n2026-03-05 12:03:30,433 [root] DEBUG: imported analysis package \"generic\"\n2026-03-05 12:03:30,480 [root] DEBUG: initializing analysis package \"generic\"...\n2026-03-05 12:03:30,480 [lib.common.common] INFO: wrapping\n2026-03-05 12:03:30,558 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-03-05 12:03:30,761 [root] DEBUG: New location of moved file: C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\n2026-03-05 12:03:30,761 [root] INFO: Analyzer: Package modules.packages.generic does not specify a DLL option\n2026-03-05 12:03:30,761 [root] INFO: Analyzer: Package modules.packages.generic does not specify a DLL_64 option\n2026-03-05 12:03:30,761 [root] INFO: Analyzer: Package modules.packages.generic does not specify a loader option\n2026-03-05 12:03:30,761 [root] INFO: Analyzer: Package modules.packages.generic does not specify a loader_64 option\n2026-03-05 12:03:30,902 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-03-05 12:03:30,980 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-03-05 12:03:31,074 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-03-05 12:03:31,292 [root] DEBUG: Imported auxiliary 
module \"modules.auxiliary.human\"\n2026-03-05 12:03:31,417 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'\n2026-03-05 12:03:31,433 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'\n2026-03-05 12:03:31,449 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'\n2026-03-05 12:03:31,480 [lib.api.screenshot] INFO: Please upgrade Pillow to >= 5.4.1 for best performance\n2026-03-05 12:03:31,480 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.screenshots\"\n2026-03-05 12:03:31,496 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-03-05 12:03:31,496 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-03-05 12:03:31,511 [root] DEBUG: attempting to configure 'Browser' from data\n2026-03-05 12:03:31,511 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-03-05 12:03:31,511 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-03-05 12:03:31,511 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-03-05 12:03:31,511 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-03-05 12:03:31,511 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-03-05 12:03:31,527 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-03-05 12:03:31,527 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-03-05 12:03:31,527 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature\n2026-03-05 12:03:32,621 [modules.auxiliary.digisig] DEBUG: File format not recognized\n2026-03-05 12:03:32,621 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json\n2026-03-05 12:03:32,667 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-03-05 12:03:32,683 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-03-05 12:03:32,683 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-03-05 12:03:32,699 [root] DEBUG: module Disguise 
does not support data configuration, ignoring\n2026-03-05 12:03:32,699 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.disguise\"...\n2026-03-05 12:03:32,761 [modules.auxiliary.disguise] INFO: Disguising GUID to e8ef1c9c-07c5-4e62-b3f4-572f446a7d68\n2026-03-05 12:03:32,761 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-03-05 12:03:32,761 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-03-05 12:03:32,761 [root] DEBUG: attempting to configure 'Human' from data\n2026-03-05 12:03:32,777 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-03-05 12:03:32,777 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-03-05 12:03:32,777 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-03-05 12:03:32,777 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-03-05 12:03:32,777 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-03-05 12:03:32,792 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-03-05 12:03:32,792 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-03-05 12:03:32,808 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-03-05 12:03:32,902 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-03-05 12:03:32,918 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-03-05 12:03:32,918 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-03-05 12:03:32,918 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-03-05 12:03:32,933 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 656\n2026-03-05 12:03:47,964 [lib.api.process] INFO: Monitor config for <Process 656 lsass.exe>: C:\\nrmtx0xa\\dll\\656.ini\n2026-03-05 12:03:48,027 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to 
monitor\n2026-03-05 12:03:48,261 [lib.api.process] INFO: 64-bit DLL to inject is C:\\nrmtx0xa\\dll\\YQNjRrl.dll, loader C:\\nrmtx0xa\\bin\\mFCVnxCg.exe\n2026-03-05 12:03:49,011 [root] DEBUG: Loader: Injecting process 656 with C:\\nrmtx0xa\\dll\\YQNjRrl.dll.\n2026-03-05 12:03:49,996 [root] DEBUG: 656: Python path set to 'C:\\Python310'.\n2026-03-05 12:03:50,011 [root] DEBUG: 656: Disabling sleep skipping.\n2026-03-05 12:03:50,105 [root] DEBUG: 656: TLS secret dump mode enabled.\n2026-03-05 12:03:50,214 [root] DEBUG: 656: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 12:03:50,230 [root] DEBUG: 656: Monitor initialised: 64-bit capemon loaded in process 656 at 0x00007FF94D7D0000, thread 7124, image base 0x00007FF794EB0000, stack from 0x000000A2778F1000-0x000000A277900000\n2026-03-05 12:03:50,246 [root] DEBUG: 656: Commandline: C:\\Windows\\system32\\lsass.exe\n2026-03-05 12:03:50,277 [root] DEBUG: 656: Hooked 5 out of 5 functions\n2026-03-05 12:03:50,277 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-03-05 12:03:50,292 [root] DEBUG: Successfully injected DLL C:\\nrmtx0xa\\dll\\YQNjRrl.dll.\n2026-03-05 12:03:50,292 [lib.api.process] INFO: Injected into 64-bit <Process 656 lsass.exe>\n2026-03-05 12:03:50,292 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-03-05 12:03:50,964 [root] DEBUG: 656: TLS 1.2 secrets logged to: C:\\sOBLrUTEk\\tlsdump\\tlsdump.log\n2026-03-05 12:04:00,340 [root] INFO: Restarting WMI Service\n2026-03-05 12:04:00,496 [root] DEBUG: package modules.packages.generic does not support configure, ignoring\n2026-03-05 12:04:00,496 [root] WARNING: configuration error for package modules.packages.generic: error importing data.packages.generic: No module named 'data.packages'\n2026-03-05 12:04:00,496 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-03-05 
12:04:00,496 [lib.api.process] INFO: Successfully executed process from path \"C:\\Windows\\system32\\cmd.exe\" with arguments \"/c start /wait \"\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\"\" with pid 4048\n2026-03-05 12:04:00,496 [lib.api.process] INFO: Monitor config for <Process 4048 cmd.exe>: C:\\nrmtx0xa\\dll\\4048.ini\n2026-03-05 12:04:00,511 [lib.api.process] INFO: 32-bit DLL to inject is C:\\nrmtx0xa\\dll\\wvQSlzsE.dll, loader C:\\nrmtx0xa\\bin\\ILhhdUE.exe\n2026-03-05 12:04:00,636 [root] DEBUG: Loader: Injecting process 4048 (thread 6696) with C:\\nrmtx0xa\\dll\\wvQSlzsE.dll.\n2026-03-05 12:04:00,699 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 12:04:00,699 [root] DEBUG: Successfully injected DLL C:\\nrmtx0xa\\dll\\wvQSlzsE.dll.\n2026-03-05 12:04:00,746 [lib.api.process] INFO: Injected into 32-bit <Process 4048 cmd.exe>\n2026-03-05 12:04:02,840 [lib.api.process] INFO: Successfully resumed <Process 4048 cmd.exe>\n2026-03-05 12:04:03,808 [root] DEBUG: 4048: Python path set to 'C:\\Python310'.\n2026-03-05 12:04:03,871 [root] DEBUG: 4048: Disabling sleep skipping.\n2026-03-05 12:04:03,886 [root] DEBUG: 4048: Dropped file limit defaulting to 100.\n2026-03-05 12:04:03,964 [root] DEBUG: 4048: YaraInit: Compiled 44 rule files\n2026-03-05 12:04:03,980 [root] DEBUG: 4048: YaraInit: Compiled rules saved to file C:\\nrmtx0xa\\data\\yara\\capemon.yac\n2026-03-05 12:04:03,980 [root] DEBUG: 4048: YaraScan: Scanning 0x00170000, size 0x595ee\n2026-03-05 12:04:03,996 [root] DEBUG: 4048: YaraScan hit: FindFixAndRun\n2026-03-05 12:04:04,027 [root] DEBUG: 4048: Monitor initialised: 32-bit capemon loaded in process 4048 at 0x739f0000, thread 6696, image base 0x170000, stack from 0x2a03000-0x2b00000\n2026-03-05 12:04:04,136 [root] DEBUG: 4048: Commandline: \"C:\\Windows\\system32\\cmd.exe\" /c start /wait \"\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\test.txt\"\n2026-03-05 12:04:04,230 [root] DEBUG: 4048: hook_api: LdrpCallInitRoutine export 
address 0x779A2A40 obtained via GetFunctionAddress\n2026-03-05 12:04:04,308 [root] WARNING: b'Unable to place hook on GetCommandLineA'\n2026-03-05 12:04:04,308 [root] DEBUG: 4048: set_hooks: Unable to hook GetCommandLineA\n2026-03-05 12:04:04,324 [root] WARNING: b'Unable to place hook on GetCommandLineW'\n2026-03-05 12:04:04,324 [root] DEBUG: 4048: set_hooks: Unable to hook GetCommandLineW\n2026-03-05 12:04:04,386 [root] DEBUG: 4048: Hooked 630 out of 632 functions\n2026-03-05 12:04:04,402 [root] DEBUG: 4048: set_hooks_exe: Hooked FindFixAndRun at 0x0017AD60\n2026-03-05 12:04:04,402 [root] DEBUG: 4048: Syscall hook installed, syscall logging level 1\n2026-03-05 12:04:04,417 [root] DEBUG: 4048: RestoreHeaders: Restored original import table.\n2026-03-05 12:04:04,417 [root] INFO: Loaded monitor into process with pid 4048\n2026-03-05 12:04:04,433 [root] DEBUG: 4048: caller_dispatch: Added region at 0x00170000 to tracked regions list (ntdll::NtOpenThread returns to 0x001809DE, thread 6696).\n2026-03-05 12:04:04,433 [root] DEBUG: 4048: YaraScan: Scanning 0x00170000, size 0x595ee\n2026-03-05 12:04:04,433 [root] DEBUG: 4048: ProcessImageBase: Main module image at 0x00170000 unmodified (entropy change 0.000000e+00)\n2026-03-05 12:04:04,605 [root] DEBUG: 4048: InstrumentationCallback: Added region at 0x75C633EC (base 0x75B30000) to tracked regions list (thread 6696).\n2026-03-05 12:04:04,605 [root] DEBUG: 4048: ProcessTrackedRegion: Region at 0x75B30000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\KernelBase.dll is in known range, skipping\n2026-03-05 12:04:04,621 [root] DEBUG: 4048: set_hooks_by_export_directory: Hooked 0 out of 632 functions\n2026-03-05 12:04:04,621 [root] DEBUG: 4048: DLL loaded at 0x74D40000: C:\\Windows\\SYSTEM32\\kernel.appcore (0xf000 bytes).\n2026-03-05 12:04:04,621 [root] DEBUG: 4048: DLL loaded at 0x76C00000: C:\\Windows\\System32\\bcryptPrimitives (0x5f000 bytes).\n2026-03-05 12:04:04,667 [root] DEBUG: 4048: DLL loaded at 0x740C0000: 
C:\\Windows\\system32\\uxtheme (0x74000 bytes).\n2026-03-05 12:04:04,699 [root] DEBUG: 4048: DLL loaded at 0x76C60000: C:\\Windows\\System32\\shell32 (0x5b5000 bytes).\n2026-03-05 12:04:04,746 [root] DEBUG: 4048: InstrumentationCallback: Added region at 0x760924AC (base 0x76070000) to tracked regions list (thread 6696).\n2026-03-05 12:04:04,746 [root] DEBUG: 4048: ProcessTrackedRegion: Region at 0x76070000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-03-05 12:04:04,793 [root] DEBUG: 4048: DLL loaded at 0x737E0000: C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\\comctl32 (0x210000 bytes).\n2026-03-05 12:04:04,886 [root] DEBUG: 4048: ProcessTrackedRegion: Region at 0x76070000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-03-05 12:04:04,902 [root] DEBUG: 4048: DLL loaded at 0x76190000: C:\\Windows\\System32\\SHCORE (0x87000 bytes).\n2026-03-05 12:04:04,902 [root] DEBUG: 4048: DLL loaded at 0x751C0000: C:\\Windows\\System32\\Wldp (0x27000 bytes).\n2026-03-05 12:04:04,917 [root] DEBUG: 4048: DLL loaded at 0x751F0000: C:\\Windows\\SYSTEM32\\windows.storage (0x60d000 bytes).\n2026-03-05 12:04:04,933 [root] DEBUG: 4048: DLL loaded at 0x73710000: C:\\Windows\\System32\\PROPSYS (0xc2000 bytes).\n2026-03-05 12:04:04,933 [root] DEBUG: 4048: DLL loaded at 0x759E0000: C:\\Windows\\System32\\clbcatq (0x7e000 bytes).\n2026-03-05 12:04:04,980 [root] DEBUG: 4048: DEBUG:Initialized 9 com hooks\n2026-03-05 12:04:05,011 [root] DEBUG: 4048: DLL loaded at 0x74D50000: C:\\Windows\\System32\\profapi (0x18000 bytes).\n2026-03-05 12:04:05,527 [root] DEBUG: 4048: DLL loaded at 0x75F30000: C:\\Windows\\System32\\CFGMGR32 (0x3b000 bytes).\n2026-03-05 12:04:05,792 [root] DEBUG: 4048: DLL loaded at 0x736F0000: C:\\Windows\\System32\\edputil (0x1b000 bytes).\n2026-03-05 12:04:09,668 [root] DEBUG: 4048: DLL loaded at 
0x73650000: C:\\Windows\\System32\\Windows.StateRepositoryPS (0x93000 bytes).\n2026-03-05 12:04:11,652 [root] DEBUG: 4048: ProcessTrackedRegion: Region at 0x76070000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-03-05 12:04:13,105 [root] DEBUG: 4048: DLL loaded at 0x74BA0000: C:\\Windows\\SYSTEM32\\apphelp (0x9f000 bytes).\n2026-03-05 12:04:14,371 [root] DEBUG: 4048: DLL loaded at 0x73290000: C:\\Windows\\System32\\OneCoreUAPCommonProxyStub (0x3b9000 bytes).\n2026-03-05 12:04:16,637 [root] DEBUG: 4048: DLL loaded at 0x73250000: C:\\Windows\\System32\\OneCoreCommonProxyStub (0x3d000 bytes).\n2026-03-05 12:04:17,340 [root] DEBUG: 4048: set_hooks_by_export_directory: Hooked 0 out of 632 functions\n2026-03-05 12:04:17,340 [root] DEBUG: 4048: DLL loaded at 0x73200000: C:\\Windows\\System32\\ActXPrxy (0x4a000 bytes).\n2026-03-05 12:04:18,449 [root] DEBUG: 4048: NtTerminateProcess hook: Attempting to dump process 4048\n2026-03-05 12:04:18,449 [root] DEBUG: 4048: VerifyCodeSection: Executable code does not match, 0x9d62 of 0x2bfcb matching\n2026-03-05 12:04:18,465 [root] DEBUG: 4048: DoProcessDump: Code modification detected, dumping Imagebase at 0x00170000.\n2026-03-05 12:04:18,465 [root] DEBUG: 4048: DumpImageInCurrentProcess: Attempting to dump virtual PE image.\n2026-03-05 12:04:18,465 [root] DEBUG: 4048: DumpProcess: Instantiating PeParser with address: 0x00170000.\n2026-03-05 12:04:18,480 [root] DEBUG: 4048: DumpProcess: Module entry point VA is 0x00186B20.\n2026-03-05 12:04:18,545 [lib.common.results] INFO: Uploading file C:\\sOBLrUTEk\\CAPE\\4048_919720418495432026 to procdump\\6799c194488183975b7df7126eeda05634e0f7f5b360a9192e973e7d4869f358; Size is 346624; Max size: 100000000\n2026-03-05 12:04:18,574 [root] DEBUG: 4048: DumpProcess: Module image dump success - dump size 0x54a00.\n2026-03-05 12:04:18,636 [root] INFO: Process with pid 4048 has terminated\n2026-03-05 12:04:24,183 [root] INFO: Process list is 
empty, terminating analysis\n2026-03-05 12:04:25,230 [root] INFO: Created shutdown mutex\n2026-03-05 12:04:26,308 [root] INFO: Shutting down package\n2026-03-05 12:04:26,308 [root] INFO: Stopping auxiliary modules\n2026-03-05 12:04:26,355 [root] INFO: Stopping auxiliary module: Browser\n2026-03-05 12:04:26,449 [root] INFO: Stopping auxiliary module: Human\n2026-03-05 12:04:29,886 [root] INFO: Stopping auxiliary module: Screenshots\n2026-03-05 12:04:30,292 [root] INFO: Finishing auxiliary modules\n2026-03-05 12:04:30,292 [root] INFO: Shutting down pipe server and dumping dropped files\n2026-03-05 12:04:30,292 [root] WARNING: Folder at path \"C:\\sOBLrUTEk\\debugger\" does not exist, skipping\n2026-03-05 12:04:30,292 [root] INFO: Uploading files at path \"C:\\sOBLrUTEk\\tlsdump\"\n2026-03-05 12:04:30,308 [lib.common.results] INFO: Uploading file C:\\sOBLrUTEk\\tlsdump\\tlsdump.log to tlsdump\\tlsdump.log; Size is 4110; Max size: 100000000\n2026-03-05 12:04:30,324 [root] INFO: Analysis completed\n",
    "errors": []
  },
  "network": {
    "pcap_sha256": "4de4b798b0232c53056e1ad63b6b212717366e10a890bbd980562d79295754c9",
    "hosts": [
      {
        "ip": "72.154.7.109",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.16",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "4.207.247.138",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "135.232.92.97",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "176.99.136.153",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          80
        ]
      }
    ],
    "domains": [],
    "tcp": [
      {
        "src": "192.168.1.100",
        "sport": 50625,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 12277,
        "time": 4.594338893890381
      },
      {
        "src": "192.168.1.100",
        "sport": 50615,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 14472,
        "time": 4.733397006988525
      },
      {
        "src": "192.168.1.100",
        "sport": 50629,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 15995,
        "time": 4.77026891708374
      },
      {
        "src": "192.168.1.100",
        "sport": 50631,
        "dst": "109.61.38.38",
        "dport": 80,
        "offset": 1014024,
        "time": 15.770339965820312
      },
      {
        "src": "192.168.1.100",
        "sport": 50633,
        "dst": "135.232.92.97",
        "dport": 443,
        "offset": 1016854,
        "time": 17.117995023727417
      },
      {
        "src": "192.168.1.100",
        "sport": 49739,
        "dst": "4.207.247.138",
        "dport": 443,
        "offset": 1042018,
        "time": 20.270421981811523
      },
      {
        "src": "192.168.1.100",
        "sport": 50637,
        "dst": "23.46.116.231",
        "dport": 80,
        "offset": 1044453,
        "time": 20.721524953842163
      },
      {
        "src": "192.168.1.100",
        "sport": 50639,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 1062764,
        "time": 24.59340190887451
      },
      {
        "src": "192.168.1.100",
        "sport": 50641,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 1077832,
        "time": 24.90199089050293
      },
      {
        "src": "192.168.1.100",
        "sport": 50642,
        "dst": "72.154.7.16",
        "dport": 443,
        "offset": 2209727,
        "time": 25.454803943634033
      },
      {
        "src": "192.168.1.100",
        "sport": 50644,
        "dst": "72.154.7.109",
        "dport": 443,
        "offset": 2210615,
        "time": 25.49800705909729
      },
      {
        "src": "192.168.1.100",
        "sport": 50647,
        "dst": "40.126.53.16",
        "dport": 443,
        "offset": 2228735,
        "time": 39.85750603675842
      },
      {
        "src": "192.168.1.100",
        "sport": 50651,
        "dst": "135.232.92.97",
        "dport": 443,
        "offset": 2300044,
        "time": 40.99868106842041
      },
      {
        "src": "192.168.1.100",
        "sport": 50654,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 2327584,
        "time": 41.79582405090332
      },
      {
        "src": "192.168.1.100",
        "sport": 50657,
        "dst": "13.71.55.58",
        "dport": 443,
        "offset": 2358934,
        "time": 43.86434507369995
      },
      {
        "src": "192.168.1.100",
        "sport": 50660,
        "dst": "80.239.137.171",
        "dport": 443,
        "offset": 2373899,
        "time": 46.16152596473694
      },
      {
        "src": "192.168.1.100",
        "sport": 50661,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 2403755,
        "time": 47.76285791397095
      },
      {
        "src": "192.168.1.100",
        "sport": 50670,
        "dst": "4.207.247.137",
        "dport": 443,
        "offset": 3622086,
        "time": 55.84708499908447
      },
      {
        "src": "192.168.1.100",
        "sport": 50684,
        "dst": "2.23.89.205",
        "dport": 443,
        "offset": 3639828,
        "time": 77.401447057724
      },
      {
        "src": "192.168.1.100",
        "sport": 50686,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 3651557,
        "time": 78.04995393753052
      },
      {
        "src": "192.168.1.100",
        "sport": 50687,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 3670000,
        "time": 78.16430902481079
      },
      {
        "src": "192.168.1.100",
        "sport": 50689,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 3673562,
        "time": 78.18486595153809
      },
      {
        "src": "192.168.1.100",
        "sport": 50688,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 3674245,
        "time": 78.18624210357666
      }
    ],
    "udp": [
      {
        "src": "192.168.1.100",
        "sport": 60944,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 12172,
        "time": 4.590401887893677
      },
      {
        "src": "192.168.1.100",
        "sport": 50976,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 13838,
        "time": 4.674163103103638
      },
      {
        "src": "192.168.1.100",
        "sport": 58477,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 15294,
        "time": 4.755980014801025
      },
      {
        "src": "192.168.1.100",
        "sport": 57860,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1042356,
        "time": 20.564022064208984
      },
      {
        "src": "192.168.1.100",
        "sport": 60411,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 1043246,
        "time": 20.690480947494507
      },
      {
        "src": "192.168.1.100",
        "sport": 62685,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1064348,
        "time": 24.657679080963135
      },
      {
        "src": "192.168.1.100",
        "sport": 54445,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2227540,
        "time": 39.50865602493286
      },
      {
        "src": "192.168.1.100",
        "sport": 53236,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2300330,
        "time": 41.12172508239746
      },
      {
        "src": "192.168.1.100",
        "sport": 54265,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 2326699,
        "time": 41.7300910949707
      },
      {
        "src": "192.168.1.100",
        "sport": 57678,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2371826,
        "time": 46.032121896743774
      },
      {
        "src": "192.168.1.100",
        "sport": 63237,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2405830,
        "time": 48.75488901138306
      },
      {
        "src": "192.168.1.100",
        "sport": 52195,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 3650485,
        "time": 77.77240991592407
      },
      {
        "src": "192.168.1.100",
        "sport": 58860,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 16279226,
        "time": 79.3079481124878
      }
    ],
    "icmp": [
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      }
    ],
    "http": [
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=288358400-289406975\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.2.1.126\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712215.178851
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=289406976-290455551\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.2.1.127\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712215.317909
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.1.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712215.354781
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=25165824-26079085\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.1.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712215.412484
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721321&P2=404&P3=2&P4=m6KAPqTuerraVqdvWTHn496yHsBa0noCOIsmnlVs6xmkcyFzQu9Cv7dGs8Oe75RCTvTSqmuJl17pjDxcHYyYGQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721321&P2=404&P3=2&P4=m6KAPqTuerraVqdvWTHn496yHsBa0noCOIsmnlVs6xmkcyFzQu9Cv7dGs8Oe75RCTvTSqmuJl17pjDxcHYyYGQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721321&P2=404&P3=2&P4=m6KAPqTuerraVqdvWTHn496yHsBa0noCOIsmnlVs6xmkcyFzQu9Cv7dGs8Oe75RCTvTSqmuJl17pjDxcHYyYGQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712235.177914
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=17825792-18874367\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.1.1.3\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712235.486503
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712252.380336
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.2.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712258.34737
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=8388608-9437183\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.2.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712261.677717
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712288.634466
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=9437184-10485759\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712288.711283
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=288358400-289406975\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712288.748821
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=10485760-11534335\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.3\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712288.769378
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=289406976-290455551\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.3\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712288.770754
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=290455552-291504127\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.4\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712289.192141
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=291504128-292552703\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.5\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712289.201777
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=11534336-12582911\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.4\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712289.221862
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=12582912-13631487\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.5\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712289.296702
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=292552704-293601279\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.6\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712289.459033
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=293601280-294649855\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.7\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712289.481175
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=13631488-14680063\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.6\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712289.637345
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=294649856-295698431\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.8\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712289.706148
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=295698432-296747007\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.9\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712289.983271
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=14680064-15728639\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.7\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712290.018897
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=296747008-297795583\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.10\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712290.053485
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=15728640-16777215\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.8\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712290.262381
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=297795584-298844159\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.11\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712290.343528
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=16777216-17825791\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.9\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712290.360138
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=298844160-299892735\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.12\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712290.360523
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=299892736-300941311\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.13\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712290.590251
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=300941312-301989887\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.14\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712290.803536
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=301989888-303038463\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.15\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712290.813419
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=303038464-304087039\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.16\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712291.030065
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=304087040-305135615\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.17\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712291.105088
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=305135616-306184191\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.18\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712291.224326
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=306184192-307232767\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.19\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712291.416073
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=307232768-308281343\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.20\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712291.42584
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=308281344-309329919\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.21\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772712291.612962
      }
    ],
    "dns": [],
    "smtp": [],
    "irc": [],
    "dead_hosts": []
  },
  "suricata": {
    "alerts": [],
    "tls": [],
    "perf": [],
    "files": [],
    "http": [
      {
        "srcport": 50687,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:03:30.584512+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 864835,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:03:30.584512+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 0,
        "hostname": "176.99.136.153",
        "status": null,
        "http_method": "GET",
        "contenttype": null,
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50629,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:03:35.412484+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50629,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:03:35.698546+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 913262,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50639,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:03:55.267596+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721321&P2=404&P3=2&P4=m6KAPqTuerraVqdvWTHn496yHsBa0noCOIsmnlVs6xmkcyFzQu9Cv7dGs8Oe75RCTvTSqmuJl17pjDxcHYyYGQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50641,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:03:55.831745+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50654,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:12.469373+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50661,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:18.438055+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50661,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:21.969679+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50686,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:48.711283+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.192141+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50687,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.201777+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50689,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.221862+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50686,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.271664+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.444231+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50687,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.481175+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50689,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.607643+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.695137+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50687,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.872842+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.910293+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50689,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:49.969565+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50686,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:50.251278+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:50.332758+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50687,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:50.344189+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50689,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:50.360138+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:50.590251+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50687,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:50.803536+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:50.813419+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50689,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:50.841501+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:51.002369+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50686,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:51.075807+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50687,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:51.105088+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:51.224326+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50687,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:51.416073+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:51.425840+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50688,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 12:04:51.612962+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      }
    ],
    "dns": [],
    "ssh": [],
    "fileinfo": [],
    "eve_log_full_path": "/opt/CAPEv2/storage/analyses/5/logs/eve.json",
    "alert_log_full_path": null,
    "tls_log_full_path": null,
    "http_log_full_path": null,
    "file_log_full_path": null,
    "ssh_log_full_path": null,
    "dns_log_full_path": null
  },
  "url_analysis": {},
  "procmemory": [],
  "signatures": [
    {
      "name": "stealth_network",
      "description": "Network activity detected but not expressed in monitor API logs",
      "categories": [
        "stealth"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "ip": "72.154.7.109"
        },
        {
          "ip": "72.154.7.16"
        },
        {
          "ip": "4.207.247.138"
        },
        {
          "ip": "135.232.92.97"
        },
        {
          "ip": "176.99.136.153"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_locale_api",
      "description": "Queries the computer locale (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4048,
          "cid": 74
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "stealth_timeout",
      "description": "Possible date expiration check, exits too soon after checking local time",
      "categories": [
        "stealth"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 40,
      "references": [],
      "data": [
        {
          "process": "cmd.exe, PID 4048"
        },
        {
          "type": "call",
          "pid": 4048,
          "cid": 849
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "language_check_registry",
      "description": "Checks system language via registry key (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
        },
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_cnc_http",
      "description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
      "categories": [
        "network",
        "c2"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "ip_hostname": "HTTP connection was made to an IP address rather than domain name"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721321&P2=404&P3=2&P4=m6KAPqTuerraVqdvWTHn496yHsBa0noCOIsmnlVs6xmkcyFzQu9Cv7dGs8Oe75RCTvTSqmuJl17pjDxcHYyYGQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_http",
      "description": "Performs some HTTP requests",
      "categories": [
        "network"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721321&P2=404&P3=2&P4=m6KAPqTuerraVqdvWTHn496yHsBa0noCOIsmnlVs6xmkcyFzQu9Cv7dGs8Oe75RCTvTSqmuJl17pjDxcHYyYGQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "discover_registry_mount_points",
      "description": "Queries registry mount points to identify historical or connected removable/network drives",
      "categories": [
        "discovery",
        "ransomware",
        "wiper"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Generation"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\Data"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{c48439d1-0000-0000-0000-100000000000}\\"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_questionable_http_path",
      "description": "Makes a suspicious HTTP request to a commonly exploitable directory with questionable file ext",
      "categories": [
        "network"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721321&P2=404&P3=2&P4=m6KAPqTuerraVqdvWTHn496yHsBa0noCOIsmnlVs6xmkcyFzQu9Cv7dGs8Oe75RCTvTSqmuJl17pjDxcHYyYGQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721032&P2=404&P3=2&P4=SB%2bmX3Nl6yX7DcLhdaXxguzgx5oXLvgkyB2bn1TH9xUxYBCBgL4ZmOIh41pO%2f0HzSxfo3XamOaoXv%2f5LR73EUQ%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "procmem_yara",
      "description": "Yara detections observed in process dumps, payloads or dropped files",
      "categories": [
        "malware"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "Hit": "PID 4048 triggered the Yara rule 'IsPE32' with data '[]'"
        },
        {
          "Hit": "PID 4048 triggered the Yara rule 'IsConsole' with data '[]'"
        },
        {
          "Hit": "PID 4048 triggered the Yara rule 'HasDebugData' with data '[]'"
        },
        {
          "Hit": "PID 4048 triggered the Yara rule 'HasRichSignature' with data '['Rich']'"
        },
        {
          "Hit": "PID 4048 triggered the Yara rule 'Visual_Cpp_2005_Release_Microsoft' with data '['{ E8 F8 4E 00 00 E9 E1 FD FF FF }', '{ E8 CB C9 FF FF E9 FB FD FF FF }', '{ E8 D0 05 00 00 E9 D9 FD FF FF }']'"
        },
        {
          "Hit": "PID 4048 triggered the Yara rule 'VC8_Microsoft_Corporation' with data '['{ E8 F8 4E 00 00 E9 E1 FD FF FF }', '{ E8 23 ED FF FF E9 27 FF FF FF }', '{ E8 15 78 00 00 E9 99 FE FF FF }', '{ E8 0D 11 00 00 E9 5A FF FF FF }', '{ E8 84 1D 00 00 E9 62 FE FF FF }', '{ E8 A3 12 00 00 E9 27 FF FF FF }', '{ E8 19 14 00 00 E9 1D FF FF FF }', '{ E8 BA 01 00 00 E9 76 FE FF FF }', '{ E8 D4 A8 01 00 E9 53 FF FF FF }', '{ E8 03 1E 00 00 E9 64 FF FF FF }', '{ E8 A1 21 00 00 E9 52 FF FF FF }', '{ E8 6E 3A 00 00 E9 DE FE FF FF }', '{ E8 32 A1 FF FF E9 EA FE FF FF }', '{ E8 75 00 00 00 E9 5A FE FF FF }', '{ E8 00 00 8B FE E9 E8 FA FF FF }', '{ E8 63 01 00 00 E9 BD FC FF FF }', '{ E8 1E D4 FF FF E9 27 FF FF FF }', '{ E8 56 07 00 00 E9 36 FE FF FF }', '{ E8 CB C9 FF FF E9 FB FD FF FF }', '{ E8 7C A0 FF FF E9 83 FE FF FF }', '{ E8 E4 20 00 00 E9 2F FF FF FF }', '{ E8 C9 EB FF FF E9 66 FF FF FF }', '{ E8 96 B0 FF FF E9 6C FF FF FF }', '{ E8 D0 05 00 00 E9 D9 FD FF FF }', '{ E8 4E ED FF FF E9 06 F4 FF FF }', '{ E8 F9 9F 00 00 E9 E5 03 FF FF }', '{ E8 4A C0 FE FF E9 29 00 FF FF }', '{ E8 50 F2 FE FF E9 2D 04 FF FF }', '{ E8 C5 29 FF FF E9 B9 06 FF FF }', '{ E8 90 0D FF FF E9 6B 19 FF FF }', '{ E8 38 C3 FE FF E9 2D 1B FF FF }', '{ E8 27 C3 FE FF E9 30 1B FF FF }', '{ E8 16 C3 FE FF E9 33 1B FF FF }', '{ E8 67 C2 FE FF E9 96 1A FF FF }', '{ E8 58 A1 00 00 E9 5E 1C FF FF }', '{ E8 BB 54 00 00 E9 72 1E FF FF }', '{ E8 3F F7 FE FF E9 57 FF FF FF }', '{ E8 45 AC 00 00 E9 F2 21 FF FF }', '{ E8 19 AC 00 00 E9 69 22 FF FF }', '{ E8 7F 99 FE FF E9 D0 2E FF FF }', '{ E8 16 42 00 00 E9 BB 30 FF FF }', '{ E8 F6 41 00 00 E9 01 31 FF FF }', '{ E8 5E 94 00 00 E9 E4 35 FF FF }', '{ E8 54 94 00 00 E9 2A 36 FF FF }', '{ E8 4A 94 00 00 E9 78 36 FF FF }', '{ E8 6F 3C FF FF E9 5D 37 FF FF }', '{ E8 DE 91 00 00 E9 6B 3C FF FF }', '{ E8 D9 E4 FE FF E9 FE 3C FF FF }', '{ E8 68 FB FE FF E9 5C 40 FF FF }', '{ E8 61 AD FE FF E9 58 41 FF FF }', '{ E8 D2 FE FE FF E9 98 40 FF FF }', '{ E8 A0 F4 FE FF E9 
B7 42 FF FF }', '{ E8 A4 A0 FE FF E9 41 44 FF FF }', '{ E8 F1 42 FF FF E9 FE 3B FF FF }', '{ E8 75 18 FF FF E9 66 3F FF FF }', '{ E8 9A 95 FE FF E9 8E 40 FF FF }', '{ E8 06 E7 FE FF E9 23 41 FF FF }', '{ E8 36 14 FF FF E9 7C FF FF FF }', '{ E8 F8 42 FF FF E9 EA 42 FF FF }', '{ E8 41 41 FF FF E9 95 41 FF FF }', '{ E8 E9 D8 FE FF E9 43 42 FF FF }', '{ E8 63 41 00 00 E9 A7 44 FF FF }', '{ E8 E3 0F 00 00 E9 65 FF FF FF }', '{ E8 EC AD FE FF E9 AE FC FF FF }']'"
        },
        {
          "Hit": "PID 4048 triggered the Yara rule 'Microsoft_Visual_Cpp_8' with data '['\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 D8 1E 17 00 02 00 00 00 E0 1E 17 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 80 0D 77 04 10 15 77 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 80 0D 77 04 10 15 77 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 80 0D 77 04 10 15 77 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x004\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 02 00 10 A0 02 00 00 B0 02 9F FC AF 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04A\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04A\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04A\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04A\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04A\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04A\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04A\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04A\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04A\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x041\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x041\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x041\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x041\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x041\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x041\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x041\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x041\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\", \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\", 
\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\", \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\", \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\", \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\", 
\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\", \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\", '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x04@\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x04@\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x04@\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x04@\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x04@\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x04@\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x04@\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x04@\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x04B\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04=\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04=\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04=\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04=\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04=\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04=\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04=\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x04=\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1F 04 3D 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1F 04 3D 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 1F 04 3D 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 }', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\n\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\n\\x00\\x00\\x00', 
'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E7 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 7C 18 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D4 72 18 00 00 }', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00w\\x00\\x00', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00w\\x00\\x00', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 
FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '{ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }', '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00', '{ E8 F8 4E 00 00 E9 E1 FD FF FF }', '{ E8 15 78 00 00 E9 99 FE FF FF }', '{ E8 0D 11 00 00 E9 5A FF FF FF }', '{ E8 84 1D 00 00 E9 62 FE FF FF }', '{ E8 A3 12 00 00 E9 27 FF FF FF }', '{ E8 19 14 00 00 E9 1D FF FF FF }', '{ E8 BA 01 00 00 E9 76 FE FF FF }', '{ E8 03 1E 00 00 E9 64 FF FF FF }', '{ E8 A1 21 00 00 E9 52 FF FF FF }', '{ E8 6E 3A 00 00 E9 DE FE FF FF }', '{ E8 75 00 00 00 E9 5A FE FF FF }', '{ E8 63 01 00 00 E9 BD FC FF FF }', '{ E8 56 07 00 00 E9 36 FE FF FF }', '{ E8 E4 20 00 00 E9 2F FF FF FF }', '{ E8 D0 05 00 00 E9 D9 FD FF FF }', '{ E8 F9 9F 00 00 E9 E5 03 FF FF }', '{ E8 58 A1 00 00 E9 5E 1C FF FF }', '{ E8 BB 54 00 00 E9 72 1E FF FF }', '{ E8 45 AC 00 00 E9 F2 21 FF FF }', '{ E8 19 AC 00 00 E9 69 22 FF FF }', '{ E8 16 42 00 00 E9 BB 30 FF FF }', '{ E8 F6 41 00 00 E9 01 31 FF FF }', '{ E8 5E 94 00 00 E9 E4 35 FF FF }', '{ E8 54 94 00 00 E9 2A 36 FF FF }', '{ E8 4A 94 00 00 E9 78 36 FF FF }', '{ E8 DE 91 00 00 E9 6B 3C FF FF }', '{ E8 63 41 00 00 E9 A7 44 FF FF }', '{ E8 E3 0F 00 00 E9 65 FF FF FF }']'"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    }
  ],
  "malscore": 7.3,
  "ttps": [
    {
      "signature": "network_cnc_http",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OB0004",
        "B0033",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_http",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_questionable_http_path",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "procmem_yara",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "discover_registry_mount_points",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    }
  ],
  "malstatus": null
}