{
"statistics": {
"processing": [
{
"name": "CAPE",
"time": 16.655
},
{
"name": "AnalysisInfo",
"time": 0.055
},
{
"name": "BehaviorAnalysis",
"time": 0.121
},
{
"name": "Debug",
"time": 0.002
},
{
"name": "NetworkAnalysis",
"time": 4.78
},
{
"name": "Suricata",
"time": 5.845
},
{
"name": "UrlAnalysis",
"time": 0.0
},
{
"name": "script_log_processing",
"time": 0.0
},
{
"name": "ProcessMemory",
"time": 0.0
}
],
"signatures": [
{
"name": "packer_themida",
"time": 0.0
},
{
"name": "stealth_network",
"time": 0.0
},
{
"name": "disable_driver_via_blocklist",
"time": 0.0
},
{
"name": "disable_driver_via_hvcidisallowedimages",
"time": 0.0
},
{
"name": "disable_hypervisor_protected_code_integrity",
"time": 0.0
},
{
"name": "pendingfilerenameoperations_Operations",
"time": 0.0
},
{
"name": "anomalous_deletefile",
"time": 0.0
},
{
"name": "antiav_360_libs",
"time": 0.0
},
{
"name": "antiav_ahnlab_libs",
"time": 0.0
},
{
"name": "antiav_avast_libs",
"time": 0.0
},
{
"name": "antiav_bitdefender_libs",
"time": 0.0
},
{
"name": "antiav_bullguard_libs",
"time": 0.0
},
{
"name": "antiav_emsisoft_libs",
"time": 0.0
},
{
"name": "antiav_qurb_libs",
"time": 0.0
},
{
"name": "antiav_servicestop",
"time": 0.0
},
{
"name": "antiav_apioverride_libs",
"time": 0.0
},
{
"name": "antidebug_guardpages",
"time": 0.0
},
{
"name": "antidebug_ntcreatethreadex",
"time": 0.0
},
{
"name": "antiav_nthookengine_libs",
"time": 0.0
},
{
"name": "antidebug_outputdebugstring",
"time": 0.0
},
{
"name": "antidebug_setunhandledexceptionfilter",
"time": 0.0
},
{
"name": "antidebug_windows",
"time": 0.0
},
{
"name": "antisandbox_cuckoocrash",
"time": 0.0
},
{
"name": "antisandbox_foregroundwindows",
"time": 0.0
},
{
"name": "mouse_movement_detect",
"time": 0.0
},
{
"name": "antisandbox_sboxie_libs",
"time": 0.0
},
{
"name": "antisandbox_script_timer",
"time": 0.0
},
{
"name": "antisandbox_sleep",
"time": 0.0
},
{
"name": "antisandbox_sunbelt_libs",
"time": 0.0
},
{
"name": "antisandbox_unhook",
"time": 0.0
},
{
"name": "antivm_directory_objects",
"time": 0.0
},
{
"name": "antivm_display",
"time": 0.0
},
{
"name": "antivm_generic_disk",
"time": 0.0
},
{
"name": "antivm_generic_system",
"time": 0.0
},
{
"name": "antivm_checks_available_memory",
"time": 0.0
},
{
"name": "detect_virtualization_via_recent_files",
"time": 0.0
},
{
"name": "antivm_vbox_libs",
"time": 0.0
},
{
"name": "antivm_vmware_events",
"time": 0.0
},
{
"name": "antivm_vmware_libs",
"time": 0.0
},
{
"name": "antivm_wmi",
"time": 0.0
},
{
"name": "api_spamming",
"time": 0.0
},
{
"name": "api_uuidfromstringa",
"time": 0.0
},
{
"name": "bcdedit_command",
"time": 0.0
},
{
"name": "bootkit",
"time": 0.0
},
{
"name": "direct_hdd_access",
"time": 0.0
},
{
"name": "physical_drive_access",
"time": 0.0
},
{
"name": "potential_overwrite_mbr",
"time": 0.0
},
{
"name": "read_file_raw_disk_access",
"time": 0.0
},
{
"name": "suspicious_iocontrol_codes",
"time": 0.0
},
{
"name": "browser_needed",
"time": 0.0
},
{
"name": "regsvr32_squiblydoo_dll_load",
"time": 0.0
},
{
"name": "uac_bypass_cmstp",
"time": 0.0
},
{
"name": "uac_bypass_eventvwr",
"time": 0.0
},
{
"name": "uac_bypass_windows_Backup",
"time": 0.0
},
{
"name": "dotnet_code_compile",
"time": 0.0
},
{
"name": "queries_computer_name",
"time": 0.0
},
{
"name": "queries_user_name",
"time": 0.0
},
{
"name": "creates_largekey",
"time": 0.0
},
{
"name": "creates_nullvalue",
"time": 0.0
},
{
"name": "access_windows_passwords_vault",
"time": 0.0
},
{
"name": "dump_lsa_via_windows_error_reporting",
"time": 0.0
},
{
"name": "lsass_credential_dumping",
"time": 0.0
},
{
"name": "critical_process",
"time": 0.0
},
{
"name": "cryptopool_domains",
"time": 0.0
},
{
"name": "dead_connect",
"time": 0.0
},
{
"name": "dead_link",
"time": 0.0
},
{
"name": "decoy_document",
"time": 0.0
},
{
"name": "decoy_image",
"time": 0.0
},
{
"name": "deletes_consolehost_history",
"time": 0.0
},
{
"name": "dep_bypass",
"time": 0.0
},
{
"name": "dep_disable",
"time": 0.0
},
{
"name": "disables_wfp",
"time": 0.0
},
{
"name": "add_windows_defender_exclusions",
"time": 0.0
},
{
"name": "mountpoints_volume_discovery",
"time": 0.0
},
{
"name": "dll_load_uncommon_file_types",
"time": 0.0
},
{
"name": "document_script_exe_drop",
"time": 0.0
},
{
"name": "guloader_apis",
"time": 0.0
},
{
"name": "driver_load",
"time": 0.0
},
{
"name": "dynamic_function_loading",
"time": 0.0
},
{
"name": "encrypted_ioc",
"time": 0.0
},
{
"name": "exec_crash",
"time": 0.0
},
{
"name": "process_creation_suspicious_location",
"time": 0.0
},
{
"name": "exploit_getbasekerneladdress",
"time": 0.0
},
{
"name": "exploit_gethaldispatchtable",
"time": 0.0
},
{
"name": "exploit_heapspray",
"time": 0.0
},
{
"name": "koadic_apis",
"time": 0.0
},
{
"name": "koadic_network_activity",
"time": 0.0
},
{
"name": "downloads_from_filehosting",
"time": 0.0
},
{
"name": "generic_phish",
"time": 0.0
},
{
"name": "http_request",
"time": 0.0
},
{
"name": "infostealer_browser",
"time": 0.0
},
{
"name": "infostealer_browser_password",
"time": 0.0
},
{
"name": "infostealer_cookies",
"time": 0.0
},
{
"name": "cryptbot_network",
"time": 0.0
},
{
"name": "purplewave_network_activity",
"time": 0.0
},
{
"name": "quilclipper_behavior",
"time": 0.0
},
{
"name": "raccoon_behavior",
"time": 0.0
},
{
"name": "captures_screenshot",
"time": 0.0
},
{
"name": "vidar_behavior",
"time": 0.0
},
{
"name": "injection_createremotethread",
"time": 0.0
},
{
"name": "creates_suspended_process",
"time": 0.0
},
{
"name": "injection_explorer",
"time": 0.0
},
{
"name": "injection_network_traffic",
"time": 0.0
},
{
"name": "injection_runpe",
"time": 0.0
},
{
"name": "injection_rwx",
"time": 0.0
},
{
"name": "injection_themeinitapihook",
"time": 0.0
},
{
"name": "resumethread_remote_process",
"time": 0.0
},
{
"name": "injection_write_exe_process",
"time": 0.0
},
{
"name": "injection_write_process",
"time": 0.0
},
{
"name": "internet_dropper",
"time": 0.0
},
{
"name": "escalate_privilege_via_named_pipe",
"time": 0.0
},
{
"name": "ipc_namedpipe",
"time": 0.0
},
{
"name": "js_phish",
"time": 0.0
},
{
"name": "js_suspicious_redirect",
"time": 0.0
},
{
"name": "loader_alien",
"time": 0.0
},
{
"name": "execute_binary_via_internet_explorer_exporter",
"time": 0.0
},
{
"name": "execute_binary_via_run_exe_helper_utility",
"time": 0.0
},
{
"name": "execute_ps_via_syncappvpublishingserver",
"time": 0.0
},
{
"name": "malicious_dynamic_function_loading",
"time": 0.0
},
{
"name": "encrypt_pcinfo",
"time": 0.0
},
{
"name": "encrypt_data_agenttesla_http",
"time": 0.0
},
{
"name": "encrypt_data_agentteslat2_http",
"time": 0.0
},
{
"name": "encrypt_data_nanocore",
"time": 0.0
},
{
"name": "reads_memory_remote_process",
"time": 0.0
},
{
"name": "mimics_filetime",
"time": 0.0
},
{
"name": "amsi_bypass_via_com_registry",
"time": 0.0
},
{
"name": "access_auto_logons_via_registry",
"time": 0.0
},
{
"name": "access_boot_key_via_registry",
"time": 0.0
},
{
"name": "create_suspicious_lnk_files",
"time": 0.0
},
{
"name": "credential_access_via_windows_credential_history",
"time": 0.0
},
{
"name": "dll_hijacking_via_microsoft_exchange",
"time": 0.0
},
{
"name": "dll_hijacking_via_waas_medic_svc_com_typelib",
"time": 0.0
},
{
"name": "execute_file_downloaded_via_openssh",
"time": 0.0
},
{
"name": "execute_safe_mode_from_suspicious_process",
"time": 0.0
},
{
"name": "execute_scripts_via_microsoft_management_console",
"time": 0.0
},
{
"name": "execute_suspicious_processes_via_windows_mssql_service",
"time": 0.0
},
{
"name": "execution_from_self_extracting_archive",
"time": 0.0
},
{
"name": "ip_address_discovery_via_trusted_program",
"time": 0.0
},
{
"name": "load_dll_via_control_panel",
"time": 0.0
},
{
"name": "network_connection_via_suspicious_process",
"time": 0.0
},
{
"name": "potential_location_discovery_via_unusual_process",
"time": 0.0
},
{
"name": "store_executable_registry",
"time": 0.0
},
{
"name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
"time": 0.0
},
{
"name": "suspicious_java_execution_via_win_scripts",
"time": 0.0
},
{
"name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
"time": 0.0
},
{
"name": "uses_restart_manager_for_suspicious_activities",
"time": 0.0
},
{
"name": "modify_desktop_wallpaper",
"time": 0.0
},
{
"name": "modify_zoneid_ads",
"time": 0.0
},
{
"name": "move_file_on_reboot",
"time": 0.0
},
{
"name": "multiple_useragents",
"time": 0.0
},
{
"name": "network_anomaly",
"time": 0.0
},
{
"name": "network_bind",
"time": 0.0
},
{
"name": "network_cnc_https_archive",
"time": 0.0
},
{
"name": "network_cnc_https_free_webhosting",
"time": 0.0
},
{
"name": "network_cnc_https_generic",
"time": 0.0
},
{
"name": "network_cnc_https_interactsh",
"time": 0.0
},
{
"name": "network_cnc_https_opensource",
"time": 0.0
},
{
"name": "network_cnc_https_pastesite",
"time": 0.0
},
{
"name": "network_cnc_https_payload",
"time": 0.0
},
{
"name": "network_cnc_https_serviceinterface",
"time": 0.0
},
{
"name": "network_cnc_https_socialmedia",
"time": 0.0
},
{
"name": "network_cnc_https_telegram",
"time": 0.0
},
{
"name": "network_cnc_https_tempstorage",
"time": 0.0
},
{
"name": "network_cnc_https_temp_urldns",
"time": 0.0
},
{
"name": "network_cnc_https_urlshortener",
"time": 0.0
},
{
"name": "network_cnc_https_useragent",
"time": 0.0
},
{
"name": "network_cnc_smtps_exfil",
"time": 0.0
},
{
"name": "network_cnc_smtps_generic",
"time": 0.0
},
{
"name": "network_dns_idn",
"time": 0.0
},
{
"name": "network_dns_suspicious_querytype",
"time": 0.0
},
{
"name": "network_dns_tunneling_request",
"time": 0.0
},
{
"name": "network_document_http",
"time": 0.0
},
{
"name": "explorer_http",
"time": 0.0
},
{
"name": "network_fake_useragent",
"time": 0.0
},
{
"name": "legitimate_domain_abuse",
"time": 0.0
},
{
"name": "suspicious_communication_trusted_site",
"time": 0.0
},
{
"name": "network_tor",
"time": 0.0
},
{
"name": "office_com_load",
"time": 0.0
},
{
"name": "office_dotnet_load",
"time": 0.0
},
{
"name": "office_mshtml_load",
"time": 0.0
},
{
"name": "office_vb_load",
"time": 0.0
},
{
"name": "office_wmi_load",
"time": 0.0
},
{
"name": "office_cve2017_11882",
"time": 0.0
},
{
"name": "office_cve2017_11882_network",
"time": 0.0
},
{
"name": "office_cve_2021_40444",
"time": 0.0
},
{
"name": "office_cve_2021_40444_m2",
"time": 0.0
},
{
"name": "office_flash_load",
"time": 0.0
},
{
"name": "office_postscript",
"time": 0.0
},
{
"name": "office_suspicious_processes",
"time": 0.0
},
{
"name": "office_write_exe",
"time": 0.0
},
{
"name": "persistence_via_autodial_dll_registry",
"time": 0.0
},
{
"name": "persistence_autorun",
"time": 0.0
},
{
"name": "persistence_autorun_tasks",
"time": 0.0
},
{
"name": "persistence_bootexecute",
"time": 0.0
},
{
"name": "persistence_registry_script",
"time": 0.0
},
{
"name": "powershell_network_connection",
"time": 0.0
},
{
"name": "powershell_download",
"time": 0.0
},
{
"name": "powershell_request",
"time": 0.0
},
{
"name": "createtoolhelp32snapshot_module_enumeration",
"time": 0.0
},
{
"name": "enumerates_running_processes",
"time": 0.0
},
{
"name": "process_interest",
"time": 0.0
},
{
"name": "process_needed",
"time": 0.0
},
{
"name": "mass_data_encryption",
"time": 0.0
},
{
"name": "ransomware_file_modifications",
"time": 0.0
},
{
"name": "ransomware_message",
"time": 0.0
},
{
"name": "nemty_network_activity",
"time": 0.0
},
{
"name": "nemty_note",
"time": 0.0
},
{
"name": "sodinokibi_behavior",
"time": 0.0
},
{
"name": "stop_ransomware_registry",
"time": 0.0
},
{
"name": "blackrat_apis",
"time": 0.0
},
{
"name": "blackrat_network_activity",
"time": 0.0
},
{
"name": "blackrat_registry_keys",
"time": 0.0
},
{
"name": "dcrat_behavior",
"time": 0.0
},
{
"name": "karagany_system_event_objects",
"time": 0.0
},
{
"name": "rat_luminosity",
"time": 0.0
},
{
"name": "rat_nanocore",
"time": 0.0
},
{
"name": "netwire_behavior",
"time": 0.0
},
{
"name": "obliquerat_network_activity",
"time": 0.0
},
{
"name": "orcusrat_behavior",
"time": 0.0
},
{
"name": "trochilusrat_apis",
"time": 0.0
},
{
"name": "reads_self",
"time": 0.0
},
{
"name": "recon_beacon",
"time": 0.0
},
{
"name": "recon_programs",
"time": 0.0
},
{
"name": "recon_systeminfo",
"time": 0.0
},
{
"name": "accesses_recyclebin",
"time": 0.0
},
{
"name": "remcos_shell_code_dynamic_wrapper_x",
"time": 0.0
},
{
"name": "script_created_process",
"time": 0.0
},
{
"name": "script_network_activity",
"time": 0.0
},
{
"name": "suspicious_js_script",
"time": 0.0
},
{
"name": "javascript_timer",
"time": 0.0
},
{
"name": "secure_login_phishing",
"time": 0.0
},
{
"name": "securityxploded_modules",
"time": 0.0
},
{
"name": "get_clipboard_data",
"time": 0.0
},
{
"name": "sets_autoconfig_url",
"time": 0.0
},
{
"name": "spoofs_procname",
"time": 0.0
},
{
"name": "stack_pivot",
"time": 0.0
},
{
"name": "stack_pivot_file_created",
"time": 0.0
},
{
"name": "stack_pivot_process_create",
"time": 0.0
},
{
"name": "set_clipboard_data",
"time": 0.0
},
{
"name": "stealth_childproc",
"time": 0.0
},
{
"name": "stealth_file",
"time": 0.0
},
{
"name": "stealth_timeout",
"time": 0.0
},
{
"name": "stealth_window",
"time": 0.0
},
{
"name": "queries_keyboard_layout",
"time": 0.0
},
{
"name": "queries_locale_api",
"time": 0.0
},
{
"name": "terminates_remote_process",
"time": 0.0
},
{
"name": "uiautomationcore_load",
"time": 0.0
},
{
"name": "user_enum",
"time": 0.0
},
{
"name": "mmc_dll_script_load",
"time": 0.0
},
{
"name": "mmc_dotnet_load",
"time": 0.0
},
{
"name": "virus",
"time": 0.0
},
{
"name": "neshta_files",
"time": 0.0
},
{
"name": "neshta_regkeys",
"time": 0.0
},
{
"name": "webmail_phish",
"time": 0.0
},
{
"name": "persists_dev_util",
"time": 0.0
},
{
"name": "spawns_dev_util",
"time": 0.0
},
{
"name": "alters_windows_utility",
"time": 0.0
},
{
"name": "overwrites_accessibility_utility",
"time": 0.0
},
{
"name": "Potential_Lateral_Movement_Via_SMBEXEC",
"time": 0.0
},
{
"name": "potential_WebShell_Via_ScreenConnectServer",
"time": 0.0
},
{
"name": "uses_Microsoft_HTML_Help_Executable",
"time": 0.0
},
{
"name": "wiper_zeroedbytes",
"time": 0.0
},
{
"name": "wmi_create_process",
"time": 0.0
},
{
"name": "wmi_script_process",
"time": 0.0
},
{
"name": "antianalysis_tls_section",
"time": 0.0
},
{
"name": "antivirus_clamav",
"time": 0.0
},
{
"name": "antivirus_virustotal",
"time": 0.0
},
{
"name": "bad_certs",
"time": 0.0
},
{
"name": "bad_ssl_certs",
"time": 0.0
},
{
"name": "banker_zeus_p2p",
"time": 0.0
},
{
"name": "banker_zeus_url",
"time": 0.001
},
{
"name": "binary_yara",
"time": 0.0
},
{
"name": "bot_athenahttp",
"time": 0.0
},
{
"name": "bot_dirtjumper",
"time": 0.0
},
{
"name": "bot_drive",
"time": 0.0
},
{
"name": "bot_drive2",
"time": 0.0
},
{
"name": "bot_madness",
"time": 0.0
},
{
"name": "phishing_kit_detected",
"time": 0.0
},
{
"name": "family_proxyback",
"time": 0.0
},
{
"name": "flare_capa_antianalysis",
"time": 0.0
},
{
"name": "flare_capa_collection",
"time": 0.0
},
{
"name": "flare_capa_communication",
"time": 0.0
},
{
"name": "flare_capa_compiler",
"time": 0.0
},
{
"name": "flare_capa_datamanipulation",
"time": 0.0
},
{
"name": "flare_capa_executable",
"time": 0.0
},
{
"name": "flare_capa_hostinteraction",
"time": 0.0
},
{
"name": "flare_capa_impact",
"time": 0.0
},
{
"name": "flare_capa_lib",
"time": 0.0
},
{
"name": "flare_capa_linking",
"time": 0.0
},
{
"name": "flare_capa_loadcode",
"time": 0.0
},
{
"name": "flare_capa_malwarefamily",
"time": 0.0
},
{
"name": "flare_capa_nursery",
"time": 0.0
},
{
"name": "flare_capa_persistence",
"time": 0.0
},
{
"name": "flare_capa_runtime",
"time": 0.0
},
{
"name": "flare_capa_targeting",
"time": 0.0
},
{
"name": "threatfox",
"time": 0.0
},
{
"name": "log4shell",
"time": 0.0
},
{
"name": "mimics_extension",
"time": 0.0
},
{
"name": "network_country_distribution",
"time": 0.0
},
{
"name": "network_cnc_http",
"time": 0.027
},
{
"name": "network_ip_exe",
"time": 0.001
},
{
"name": "network_dga",
"time": 0.0
},
{
"name": "network_dga_fraunhofer",
"time": 0.0
},
{
"name": "network_dyndns",
"time": 0.0
},
{
"name": "network_excessive_udp",
"time": 0.0
},
{
"name": "network_http",
"time": 0.009
},
{
"name": "network_icmp",
"time": 0.0
},
{
"name": "network_irc",
"time": 0.0
},
{
"name": "network_open_proxy",
"time": 0.0
},
{
"name": "network_questionable_http_path",
"time": 0.0
},
{
"name": "network_questionable_https_path",
"time": 0.0
},
{
"name": "network_smtp",
"time": 0.0
},
{
"name": "network_torgateway",
"time": 0.0
},
{
"name": "origin_langid",
"time": 0.0
},
{
"name": "origin_resource_langid",
"time": 0.0
},
{
"name": "overlay",
"time": 0.0
},
{
"name": "packer_unknown_pe_section_name",
"time": 0.0
},
{
"name": "packer_aspack",
"time": 0.0
},
{
"name": "packer_aspirecrypt",
"time": 0.0
},
{
"name": "packer_bedsprotector",
"time": 0.0
},
{
"name": "packer_confuser",
"time": 0.0
},
{
"name": "packer_enigma",
"time": 0.0
},
{
"name": "packer_entropy",
"time": 0.0
},
{
"name": "packer_mpress",
"time": 0.0
},
{
"name": "packer_nate",
"time": 0.0
},
{
"name": "packer_nspack",
"time": 0.0
},
{
"name": "packer_smartassembly",
"time": 0.0
},
{
"name": "packer_spices",
"time": 0.0
},
{
"name": "packer_themida",
"time": 0.0
},
{
"name": "packer_titan",
"time": 0.0
},
{
"name": "packer_upx",
"time": 0.0
},
{
"name": "packer_vmprotect",
"time": 0.0
},
{
"name": "packer_yoda",
"time": 0.0
},
{
"name": "pdf_annot_urls_checker",
"time": 0.0
},
{
"name": "polymorphic",
"time": 0.0
},
{
"name": "punch_plus_plus_pcres",
"time": 0.0
},
{
"name": "procmem_yara",
"time": 0.0
},
{
"name": "recon_checkip",
"time": 0.0
},
{
"name": "static_authenticode",
"time": 0.0
},
{
"name": "invalid_authenticode_signature",
"time": 0.0
},
{
"name": "static_dotnet_anomaly",
"time": 0.0
},
{
"name": "static_java",
"time": 0.0
},
{
"name": "static_pdf",
"time": 0.0
},
{
"name": "contains_pe_overlay",
"time": 0.0
},
{
"name": "static_pe_anomaly",
"time": 0.0
},
{
"name": "pe_compile_timestomping",
"time": 0.0
},
{
"name": "static_pe_pdbpath",
"time": 0.0
},
{
"name": "static_rat_config",
"time": 0.0
},
{
"name": "static_versioninfo_anomaly",
"time": 0.0
},
{
"name": "suricata_alert",
"time": 0.0
},
{
"name": "suspicious_html_body",
"time": 0.0
},
{
"name": "suspicious_html_name",
"time": 0.0
},
{
"name": "suspicious_html_title",
"time": 0.0
},
{
"name": "volatility_devicetree_1",
"time": 0.0
},
{
"name": "volatility_handles_1",
"time": 0.0
},
{
"name": "volatility_ldrmodules_1",
"time": 0.0
},
{
"name": "volatility_ldrmodules_2",
"time": 0.0
},
{
"name": "volatility_malfind_1",
"time": 0.0
},
{
"name": "volatility_malfind_2",
"time": 0.0
},
{
"name": "volatility_modscan_1",
"time": 0.0
},
{
"name": "volatility_svcscan_1",
"time": 0.0
},
{
"name": "volatility_svcscan_2",
"time": 0.0
},
{
"name": "volatility_svcscan_3",
"time": 0.0
},
{
"name": "whois_create",
"time": 0.0
},
{
"name": "accesses_mailslot",
"time": 0.0
},
{
"name": "accesses_netlogon_regkey",
"time": 0.0
},
{
"name": "accesses_public_folder",
"time": 0.0
},
{
"name": "accesses_sysvol",
"time": 0.0
},
{
"name": "writes_sysvol",
"time": 0.0
},
{
"name": "adds_admin_user",
"time": 0.0
},
{
"name": "adds_user",
"time": 0.0
},
{
"name": "overwrites_admin_password",
"time": 0.0
},
{
"name": "antianalysis_detectfile",
"time": 0.002
},
{
"name": "antianalysis_detectreg",
"time": 0.002
},
{
"name": "modify_attachment_manager",
"time": 0.0
},
{
"name": "antiav_detectfile",
"time": 0.004
},
{
"name": "antiav_detectreg",
"time": 0.007
},
{
"name": "antiav_srp",
"time": 0.0
},
{
"name": "antiav_whitespace",
"time": 0.0
},
{
"name": "antidebug_devices",
"time": 0.001
},
{
"name": "antiemu_windefend",
"time": 0.0
},
{
"name": "antiemu_wine_reg",
"time": 0.0
},
{
"name": "antisandbox_cuckoo_files",
"time": 0.0
},
{
"name": "antisandbox_fortinet_files",
"time": 0.0
},
{
"name": "antisandbox_joe_anubis_files",
"time": 0.0
},
{
"name": "antisandbox_sboxie_mutex",
"time": 0.0
},
{
"name": "antisandbox_sunbelt_files",
"time": 0.0
},
{
"name": "antisandbox_threattrack_files",
"time": 0.0
},
{
"name": "antivm_bochs_keys",
"time": 0.0
},
{
"name": "antivm_generic_bios",
"time": 0.0
},
{
"name": "antivm_generic_diskreg",
"time": 0.0
},
{
"name": "antivm_hyperv_keys",
"time": 0.0
},
{
"name": "antivm_parallels_keys",
"time": 0.0
},
{
"name": "antivm_recentdocs",
"time": 0.0
},
{
"name": "antivm_vbox_devices",
"time": 0.0
},
{
"name": "antivm_vbox_files",
"time": 0.002
},
{
"name": "antivm_vbox_keys",
"time": 0.001
},
{
"name": "antivm_vmware_devices",
"time": 0.0
},
{
"name": "antivm_vmware_files",
"time": 0.001
},
{
"name": "antivm_vmware_keys",
"time": 0.001
},
{
"name": "antivm_vmware_mutexes",
"time": 0.0
},
{
"name": "antivm_vpc_files",
"time": 0.0
},
{
"name": "antivm_vpc_keys",
"time": 0.0
},
{
"name": "antivm_vpc_mutex",
"time": 0.0
},
{
"name": "antivm_xen_keys",
"time": 0.0
},
{
"name": "asyncrat_mutex",
"time": 0.0
},
{
"name": "gulpix_behavior",
"time": 0.0
},
{
"name": "ketrican_regkeys",
"time": 0.0
},
{
"name": "okrum_mutexes",
"time": 0.0
},
{
"name": "banker_cridex",
"time": 0.0
},
{
"name": "geodo_banking_trojan",
"time": 0.001
},
{
"name": "banker_spyeye_mutexes",
"time": 0.0
},
{
"name": "banker_zeus_mutex",
"time": 0.0
},
{
"name": "bitcoin_opencl",
"time": 0.0
},
{
"name": "enumerates_physical_drives",
"time": 0.0
},
{
"name": "bot_russkill",
"time": 0.0
},
{
"name": "browser_addon",
"time": 0.0
},
{
"name": "chromium_browser_extension_directory",
"time": 0.0
},
{
"name": "browser_helper_object",
"time": 0.0
},
{
"name": "browser_security",
"time": 0.001
},
{
"name": "browser_startpage",
"time": 0.0
},
{
"name": "ie_disables_process_tab",
"time": 0.0
},
{
"name": "odbcconf_bypass",
"time": 0.0
},
{
"name": "squiblydoo_bypass",
"time": 0.0
},
{
"name": "squiblytwo_bypass",
"time": 0.0
},
{
"name": "bypass_chromium_protection",
"time": 0.0
},
{
"name": "bypass_firewall",
"time": 0.0
},
{
"name": "checks_uac_status",
"time": 0.0
},
{
"name": "uac_bypass_cmstpcom",
"time": 0.0
},
{
"name": "uac_bypass_delegateexecute_sdclt",
"time": 0.0
},
{
"name": "uac_bypass_fodhelper",
"time": 0.0
},
{
"name": "cape_extracted_content",
"time": 0.0
},
{
"name": "carberp_mutex",
"time": 0.0
},
{
"name": "clears_logs",
"time": 0.0
},
{
"name": "cmdline_obfuscation",
"time": 0.0
},
{
"name": "cmdline_switches",
"time": 0.0
},
{
"name": "cmdline_terminate",
"time": 0.0
},
{
"name": "cmdline_forfiles_wildcard",
"time": 0.0
},
{
"name": "cmdline_http_link",
"time": 0.0
},
{
"name": "cmdline_long_string",
"time": 0.0
},
{
"name": "cmdline_reversed_http_link",
"time": 0.0
},
{
"name": "long_commandline",
"time": 0.0
},
{
"name": "powershell_renamed_commandline",
"time": 0.0
},
{
"name": "copies_self",
"time": 0.0
},
{
"name": "credwiz_credentialaccess",
"time": 0.0
},
{
"name": "enables_wdigest",
"time": 0.0
},
{
"name": "vaultcmd_credentialaccess",
"time": 0.0
},
{
"name": "file_credential_store_access",
"time": 0.0
},
{
"name": "file_credential_store_write",
"time": 0.0
},
{
"name": "kerberos_credential_access_via_rubeus",
"time": 0.0
},
{
"name": "registry_credential_dumping",
"time": 0.0
},
{
"name": "registry_credential_store_access",
"time": 0.0
},
{
"name": "registry_lsa_secrets_access",
"time": 0.0
},
{
"name": "comsvcs_credentialdump",
"time": 0.0
},
{
"name": "cryptomining_stratum_command",
"time": 0.0
},
{
"name": "cypherit_mutexes",
"time": 0.0
},
{
"name": "darkcomet_regkeys",
"time": 0.0
},
{
"name": "datop_loader",
"time": 0.0
},
{
"name": "deepfreeze_mutex",
"time": 0.0
},
{
"name": "deletes_executed_files",
"time": 0.0
},
{
"name": "disables_app_launch",
"time": 0.0
},
{
"name": "disables_auto_app_termination",
"time": 0.0
},
{
"name": "disables_appv_virtualization",
"time": 0.0
},
{
"name": "disables_backups",
"time": 0.001
},
{
"name": "disables_browser_warn",
"time": 0.001
},
{
"name": "disables_context_menus",
"time": 0.0
},
{
"name": "disables_cpl_disable",
"time": 0.0
},
{
"name": "disables_crashdumps",
"time": 0.0
},
{
"name": "disables_event_logging",
"time": 0.0
},
{
"name": "disables_folder_options",
"time": 0.0
},
{
"name": "disables_notificationcenter",
"time": 0.0
},
{
"name": "disables_power_options",
"time": 0.001
},
{
"name": "disables_restore_default_state",
"time": 0.0
},
{
"name": "disables_run_command",
"time": 0.0
},
{
"name": "disables_smartscreen",
"time": 0.0
},
{
"name": "disables_startmenu_search",
"time": 0.0
},
{
"name": "disables_system_restore",
"time": 0.0
},
{
"name": "disables_uac",
"time": 0.0
},
{
"name": "disables_wer",
"time": 0.0
},
{
"name": "disables_windows_defender",
"time": 0.0
},
{
"name": "disables_windows_defender_logging",
"time": 0.0
},
{
"name": "removes_windows_defender_contextmenu",
"time": 0.0
},
{
"name": "removes_windows_defender_updates",
"time": 0.0
},
{
"name": "windows_defender_powershell",
"time": 0.0
},
{
"name": "disables_windows_file_protection",
"time": 0.0
},
{
"name": "disables_windowsupdate",
"time": 0.0
},
{
"name": "disables_winfirewall",
"time": 0.0
},
{
"name": "discover_registry_mount_points",
"time": 0.0
},
{
"name": "adfind_domain_enumeration",
"time": 0.0
},
{
"name": "domain_enumeration_commands",
"time": 0.0
},
{
"name": "andromut_mutexes",
"time": 0.0
},
{
"name": "downloader_cabby",
"time": 0.0
},
{
"name": "phorpiex_mutexes",
"time": 0.0
},
{
"name": "protonbot_mutexes",
"time": 0.0
},
{
"name": "driver_filtermanager",
"time": 0.0
},
{
"name": "dropper",
"time": 0.0
},
{
"name": "dll_archive_execution",
"time": 0.0
},
{
"name": "lnk_archive_execution",
"time": 0.0
},
{
"name": "script_archive_execution",
"time": 0.0
},
{
"name": "excel4_macro_urls",
"time": 0.0
},
{
"name": "escalate_privilege_via_ntlm_relay",
"time": 0.0
},
{
"name": "spooler_access",
"time": 0.0
},
{
"name": "spooler_svc_start",
"time": 0.0
},
{
"name": "mapped_drives_uac",
"time": 0.0
},
{
"name": "hides_recycle_bin_icon",
"time": 0.0
},
{
"name": "apocalypse_stealer_file_behavior",
"time": 0.0
},
{
"name": "arkei_files",
"time": 0.0
},
{
"name": "azorult_mutexes",
"time": 0.001
},
{
"name": "infostealer_bitcoin",
"time": 0.002
},
{
"name": "cryptbot_files",
"time": 0.0
},
{
"name": "echelon_files",
"time": 0.001
},
{
"name": "infostealer_ftp",
"time": 0.004
},
{
"name": "infostealer_im",
"time": 0.002
},
{
"name": "infostealer_mail",
"time": 0.002
},
{
"name": "masslogger_files",
"time": 0.0
},
{
"name": "poullight_files",
"time": 0.001
},
{
"name": "purplewave_mutexes",
"time": 0.0
},
{
"name": "quilclipper_mutexes",
"time": 0.0
},
{
"name": "qulab_files",
"time": 0.001
},
{
"name": "qulab_mutexes",
"time": 0.0
},
{
"name": "asyncrat_mutex",
"time": 0.0
},
{
"name": "Evade_Execution_Via_ASPNet_Compiler",
"time": 0.0
},
{
"name": "Evade_Execute_Via_DeviceCredentialDeployment",
"time": 0.0
},
{
"name": "Evade_Execution_Via_Filter_Manager_Control",
"time": 0.0
},
{
"name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
"time": 0.0
},
{
"name": "execute_binary_via_appvlp",
"time": 0.0
},
{
"name": "execute_binary_via_pcalua",
"time": 0.0
},
{
"name": "Execute_Binary_Via_OpenSSH",
"time": 0.0
},
{
"name": "execute_binary_via_pcalua",
"time": 0.0
},
{
"name": "Execute_Binary_Via_PesterPSModule",
"time": 0.0
},
{
"name": "Execute_Binary_Via_ScriptRunner",
"time": 0.0
},
{
"name": "execute_binary_via_ttdinject",
"time": 0.0
},
{
"name": "Execute_Binary_Via_VisualStudioLiveShare",
"time": 0.0
},
{
"name": "Execute_Msiexec_Via_Explorer",
"time": 0.0
},
{
"name": "execute_remote_msi",
"time": 0.0
},
{
"name": "execute_suspicious_powershell_via_runscripthelper",
"time": 0.0
},
{
"name": "execute_suspicious_powershell_via_sqlps",
"time": 0.0
},
{
"name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
"time": 0.0
},
{
"name": "Perform_Malicious_Activities_Via_Headless_Browser",
"time": 0.0
},
{
"name": "Register_DLL_Via_CertOC",
"time": 0.0
},
{
"name": "Register_DLL_Via_MSIEXEC",
"time": 0.0
},
{
"name": "Register_DLL_Via_Odbcconf",
"time": 0.0
},
{
"name": "Scriptlet_Proxy_Execution_Via_Pubprn",
"time": 0.0
},
{
"name": "ie_martian_children",
"time": 0.0
},
{
"name": "office_martian_children",
"time": 0.0
},
{
"name": "mimics_icon",
"time": 0.0
},
{
"name": "masquerade_process_name",
"time": 0.002
},
{
"name": "mimikatz_modules",
"time": 0.0
},
{
"name": "ms_office_cmd_rce",
"time": 0.0
},
{
"name": "mount_copy_to_webdav_share",
"time": 0.0
},
{
"name": "potential_protocol_tunneling_via_legit_utilities",
"time": 0.0
},
{
"name": "potential_protocol_tunneling_via_qemu",
"time": 0.0
},
{
"name": "suspicious_execution_via_dotnet_remoting",
"time": 0.0
},
{
"name": "modify_certs",
"time": 0.0
},
{
"name": "dotnet_clr_usagelog_regkeys",
"time": 0.0
},
{
"name": "modify_hostfile",
"time": 0.0
},
{
"name": "modify_oem_information",
"time": 0.0
},
{
"name": "modify_security_center_warnings",
"time": 0.0
},
{
"name": "modify_uac_prompt",
"time": 0.0
},
{
"name": "network_dns_blockchain",
"time": 0.0
},
{
"name": "network_dns_opennic",
"time": 0.0
},
{
"name": "network_dns_paste_site",
"time": 0.0
},
{
"name": "network_dns_reverse_proxy",
"time": 0.0
},
{
"name": "network_dns_temp_file_storage",
"time": 0.0
},
{
"name": "network_dns_temp_urldns",
"time": 0.0
},
{
"name": "network_dns_url_shortener",
"time": 0.0
},
{
"name": "network_dns_doh_tls",
"time": 0.0
},
{
"name": "suspicious_tld",
"time": 0.0
},
{
"name": "network_tor_service",
"time": 0.0
},
{
"name": "office_code_page",
"time": 0.0
},
{
"name": "office_addinloading",
"time": 0.0
},
{
"name": "office_perfkey",
"time": 0.0
},
{
"name": "office_macro",
"time": 0.0
},
{
"name": "changes_trust_center_settings",
"time": 0.0
},
{
"name": "disables_vba_trust_access",
"time": 0.0
},
{
"name": "office_macro_autoexecution",
"time": 0.0
},
{
"name": "office_macro_ioc",
"time": 0.0
},
{
"name": "office_macro_malicious_prediction",
"time": 0.0
},
{
"name": "office_macro_suspicious",
"time": 0.0
},
{
"name": "rtf_aslr_bypass",
"time": 0.0
},
{
"name": "rtf_anomaly_characterset",
"time": 0.0
},
{
"name": "rtf_anomaly_version",
"time": 0.0
},
{
"name": "rtf_embedded_content",
"time": 0.0
},
{
"name": "rtf_embedded_office_file",
"time": 0.0
},
{
"name": "rtf_exploit_static",
"time": 0.0
},
{
"name": "office_security",
"time": 0.0
},
{
"name": "accesses_office_username",
"time": 0.0
},
{
"name": "office_anomalous_feature",
"time": 0.0
},
{
"name": "office_dde_command",
"time": 0.0
},
{
"name": "packer_armadillo_mutex",
"time": 0.0
},
{
"name": "packer_armadillo_regkey",
"time": 0.0
},
{
"name": "persistence_ads",
"time": 0.0
},
{
"name": "persistence_safeboot",
"time": 0.0
},
{
"name": "persistence_ifeo",
"time": 0.0
},
{
"name": "persistence_silent_process_exit",
"time": 0.0
},
{
"name": "persistence_rdp_registry",
"time": 0.0
},
{
"name": "persistence_rdp_shadowing",
"time": 0.0
},
{
"name": "persistence_service",
"time": 0.0
},
{
"name": "persistence_shim_database",
"time": 0.0
},
{
"name": "powerpool_mutexes",
"time": 0.0
},
{
"name": "powershell_scriptblock_logging",
"time": 0.0
},
{
"name": "powershell_command_suspicious",
"time": 0.0
},
{
"name": "powershell_history_save_mod",
"time": 0.0
},
{
"name": "powershell_renamed",
"time": 0.0
},
{
"name": "powershell_reversed",
"time": 0.0
},
{
"name": "powershell_variable_obfuscation",
"time": 0.0
},
{
"name": "prevents_safeboot",
"time": 0.0
},
{
"name": "cmdline_process_discovery",
"time": 0.0
},
{
"name": "cryptomix_mutexes",
"time": 0.0
},
{
"name": "dharma_mutexes",
"time": 0.0
},
{
"name": "ransomware_extensions_generic",
"time": 0.0
},
{
"name": "ransomware_extensions_known",
"time": 0.004
},
{
"name": "ransomware_files",
"time": 0.006
},
{
"name": "fonix_mutexes",
"time": 0.0
},
{
"name": "gandcrab_mutexes",
"time": 0.0
},
{
"name": "germanwiper_mutexes",
"time": 0.0
},
{
"name": "medusalocker_mutexes",
"time": 0.0
},
{
"name": "medusalocker_regkeys",
"time": 0.0
},
{
"name": "nemty_mutexes",
"time": 0.0
},
{
"name": "nemty_regkeys",
"time": 0.0
},
{
"name": "pysa_mutexes",
"time": 0.0
},
{
"name": "ransomware_radamant",
"time": 0.0
},
{
"name": "ransomware_recyclebin",
"time": 0.0
},
{
"name": "revil_mutexes",
"time": 0.001
},
{
"name": "ransomware_revil_regkey",
"time": 0.0
},
{
"name": "satan_mutexes",
"time": 0.0
},
{
"name": "snake_ransom_mutexes",
"time": 0.0
},
{
"name": "stop_ransom_mutexes",
"time": 0.0
},
{
"name": "stop_ransomware_cmd",
"time": 0.0
},
{
"name": "ransomware_stopdjvu",
"time": 0.0
},
{
"name": "rat_beebus_mutexes",
"time": 0.0
},
{
"name": "blacknet_mutexes",
"time": 0.0
},
{
"name": "blackrat_mutexes",
"time": 0.0
},
{
"name": "crat_mutexes",
"time": 0.0
},
{
"name": "dcrat_files",
"time": 0.0
},
{
"name": "dcrat_mutexes",
"time": 0.0
},
{
"name": "rat_fynloski_mutexes",
"time": 0.0
},
{
"name": "limerat_mutexes",
"time": 0.0
},
{
"name": "limerat_regkeys",
"time": 0.0
},
{
"name": "lodarat_file_behavior",
"time": 0.0
},
{
"name": "modirat_behavior",
"time": 0.0
},
{
"name": "njrat_regkeys",
"time": 0.0
},
{
"name": "obliquerat_files",
"time": 0.0
},
{
"name": "obliquerat_mutexes",
"time": 0.0
},
{
"name": "parallax_mutexes",
"time": 0.0
},
{
"name": "rat_pcclient",
"time": 0.0
},
{
"name": "rat_plugx_mutexes",
"time": 0.0
},
{
"name": "rat_poisonivy_mutexes",
"time": 0.0
},
{
"name": "rat_quasar_mutexes",
"time": 0.0
},
{
"name": "ratsnif_mutexes",
"time": 0.0
},
{
"name": "rat_spynet",
"time": 0.0
},
{
"name": "venomrat_mutexes",
"time": 0.0
},
{
"name": "warzonerat_files",
"time": 0.0
},
{
"name": "warzonerat_regkeys",
"time": 0.0
},
{
"name": "xpertrat_files",
"time": 0.0
},
{
"name": "xpertrat_mutexes",
"time": 0.0
},
{
"name": "rat_xtreme_mutexes",
"time": 0.0
},
{
"name": "reads_password_database",
"time": 0.0
},
{
"name": "recon_fingerprint",
"time": 0.001
},
{
"name": "remcos_files",
"time": 0.0
},
{
"name": "remcos_mutexes",
"time": 0.0
},
{
"name": "remcos_regkeys",
"time": 0.0
},
{
"name": "rdptcp_key",
"time": 0.0
},
{
"name": "uses_rdp_clip",
"time": 0.0
},
{
"name": "uses_remote_desktop_session",
"time": 0.0
},
{
"name": "removes_networking_icon",
"time": 0.0
},
{
"name": "removes_pinned_programs",
"time": 0.0
},
{
"name": "removes_security_maintenance_icon",
"time": 0.0
},
{
"name": "removes_startmenu_defaults",
"time": 0.0
},
{
"name": "removes_username_startmenu",
"time": 0.0
},
{
"name": "spicyhotpot_behavior",
"time": 0.0
},
{
"name": "sniffer_winpcap",
"time": 0.0
},
{
"name": "spreading_autoruninf",
"time": 0.0
},
{
"name": "stealth_hidden_extension",
"time": 0.0
},
{
"name": "stealth_hiddenreg",
"time": 0.0
},
{
"name": "stealth_hide_notifications",
"time": 0.0
},
{
"name": "stealth_webhistory",
"time": 0.0
},
{
"name": "sysinternals_psexec",
"time": 0.0
},
{
"name": "sysinternals_tools",
"time": 0.0
},
{
"name": "language_check_registry",
"time": 0.0
},
{
"name": "tampers_etw",
"time": 0.0
},
{
"name": "lsa_tampering",
"time": 0.0
},
{
"name": "tampers_powershell_logging",
"time": 0.0
},
{
"name": "targeted_flame",
"time": 0.0
},
{
"name": "territorial_disputes_sigs",
"time": 0.003
},
{
"name": "trickbot_mutex",
"time": 0.0
},
{
"name": "fleercivet_mutex",
"time": 0.0
},
{
"name": "lokibot_mutexes",
"time": 0.001
},
{
"name": "ursnif_behavior",
"time": 0.001
},
{
"name": "uses_adfind",
"time": 0.0
},
{
"name": "uses_ms_protocol",
"time": 0.0
},
{
"name": "neshta_mutexes",
"time": 0.0
},
{
"name": "renamer_mutexes",
"time": 0.0
},
{
"name": "owa_web_shell_files",
"time": 0.0
},
{
"name": "web_shell_files",
"time": 0.0
},
{
"name": "web_shell_processes",
"time": 0.0
},
{
"name": "dotnet_csc_build",
"time": 0.0
},
{
"name": "mavinject_lolbin",
"time": 0.0
},
{
"name": "multiple_explorer_instances",
"time": 0.0
},
{
"name": "script_tool_executed",
"time": 0.0
},
{
"name": "suspicious_certutil_use",
"time": 0.0
},
{
"name": "suspicious_command_tools",
"time": 0.0
},
{
"name": "suspicious_mpcmdrun_use",
"time": 0.0
},
{
"name": "suspicious_ping_use",
"time": 0.0
},
{
"name": "uses_powershell_copyitem",
"time": 0.0
},
{
"name": "uses_windows_utilities",
"time": 0.0
},
{
"name": "uses_windows_utilities_appcmd",
"time": 0.0
},
{
"name": "uses_windows_utilities_csvde_ldifde",
"time": 0.0
},
{
"name": "uses_windows_utilities_cipher",
"time": 0.0
},
{
"name": "uses_windows_utilities_clickonce",
"time": 0.0
},
{
"name": "uses_windows_utilities_curl",
"time": 0.0
},
{
"name": "uses_windows_utilities_dsquery",
"time": 0.0
},
{
"name": "uses_windows_utilities_esentutl",
"time": 0.0
},
{
"name": "uses_windows_utilities_finger",
"time": 0.0
},
{
"name": "uses_windows_utilities_mode",
"time": 0.0
},
{
"name": "uses_windows_utilities_ntdsutil",
"time": 0.0
},
{
"name": "uses_windows_utilities_nltest",
"time": 0.0
},
{
"name": "uses_windows_utilities_setx",
"time": 0.0
},
{
"name": "uses_windows_utilities_xcopy",
"time": 0.0
},
{
"name": "wmic_command_suspicious",
"time": 0.0
},
{
"name": "scrcons_wmi_script_consumer",
"time": 0.0
},
{
"name": "allaple_mutexes",
"time": 0.0
}
],
"reporting": [
{
"name": "BinGraph",
"time": 0.0
}
]
},
"detections": [
{
"family": "Phantomremote",
"details": [
{
"VirusTotal": "c9c6ab6c4051f649d7da8acd12ffbf26f8eaeb6c1ace6df290f944ce2992b35a"
}
]
}
],
"target": {
"category": "file",
"file": {
"name": "sample_from_94fc2177.dll",
"path": "/opt/CAPEv2/storage/binaries/c9c6ab6c4051f649d7da8acd12ffbf26f8eaeb6c1ace6df290f944ce2992b35a",
"guest_paths": "",
"size": 655360,
"crc32": "CC7AC173",
"md5": "5abd96ba0adce161517b32097bd2acd3",
"sha1": "20eb206964b6f02eea4719e9ab42bc2a786af65f",
"sha256": "c9c6ab6c4051f649d7da8acd12ffbf26f8eaeb6c1ace6df290f944ce2992b35a",
"sha512": "15431ed291afd2a972685018bf093a32feaf58581f170d915957656b2571bacbbf6cf635dfc32f0d6390f85014f2e45f6a6e6ba58596b0f15b615bdb97c87aab",
"rh_hash": null,
"ssdeep": "12288:QPlhw6UTcci9AAyxY4b0Pj/bMzncwUTt9ezX:QjwVcci9Lyx0Pj/mcwh",
"type": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows",
"yara": [
{
"name": "IsPE64",
"meta": {},
"strings": [],
"addresses": {}
},
{
"name": "IsDLL",
"meta": {},
"strings": [],
"addresses": {}
},
{
"name": "IsWindowsGUI",
"meta": {},
"strings": [],
"addresses": {}
}
],
"cape_yara": [],
"clamav": [],
"tlsh": "T17FD49C08E552D2EDD257C17186920B29A7B2B4B10518AFFB21B2C7B01FABBF85F5C711",
"sha3_384": "76ca763a32e5ef49f12799e57cc0fae15c2703c710ed4616ae3bb6fdfd04172f6991d12d308b11e1666ad2abb3d93f25",
"yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
"options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
"pe": {
"guest_signers": {
"aux_sha1": null,
"aux_timestamp": null,
"aux_valid": false,
"aux_error": true,
"aux_error_desc": "No signature found.",
"aux_signers": []
},
"digital_signers": [],
"imagebase": "0x180000000",
"entrypoint": "0x00061e20",
"ep_bytes": "48895c24084889742410574883ec2049",
"peid_signatures": null,
"reported_checksum": "0x00000000",
"actual_checksum": "0x000ab518",
"osversion": "4.0",
"machine_type": "IMAGE_FILE_MACHINE_AMD64",
"pdbpath": null,
"imports": {
"WINHTTP": {
"dll": "WINHTTP.dll",
"imports": [
{
"address": "0x180090ed0",
"name": "WinHttpCloseHandle"
},
{
"address": "0x180090ed8",
"name": "WinHttpConnect"
},
{
"address": "0x180090ee0",
"name": "WinHttpCrackUrl"
},
{
"address": "0x180090ee8",
"name": "WinHttpOpen"
},
{
"address": "0x180090ef0",
"name": "WinHttpOpenRequest"
},
{
"address": "0x180090ef8",
"name": "WinHttpReadData"
},
{
"address": "0x180090f00",
"name": "WinHttpReceiveResponse"
},
{
"address": "0x180090f08",
"name": "WinHttpSendRequest"
},
{
"address": "0x180090f10",
"name": "WinHttpSetTimeouts"
}
]
},
"KERNEL32": {
"dll": "KERNEL32.dll",
"imports": [
{
"address": "0x180090f20",
"name": "AcquireSRWLockExclusive"
},
{
"address": "0x180090f28",
"name": "CloseHandle"
},
{
"address": "0x180090f30",
"name": "CreateDirectoryW"
},
{
"address": "0x180090f38",
"name": "CreateFileW"
},
{
"address": "0x180090f40",
"name": "CreatePipe"
},
{
"address": "0x180090f48",
"name": "CreateProcessW"
},
{
"address": "0x180090f50",
"name": "CreateThread"
},
{
"address": "0x180090f58",
"name": "DecodePointer"
},
{
"address": "0x180090f60",
"name": "DeleteCriticalSection"
},
{
"address": "0x180090f68",
"name": "EncodePointer"
},
{
"address": "0x180090f70",
"name": "EnterCriticalSection"
},
{
"address": "0x180090f78",
"name": "EnumSystemLocalesW"
},
{
"address": "0x180090f80",
"name": "ExitProcess"
},
{
"address": "0x180090f88",
"name": "ExitThread"
},
{
"address": "0x180090f90",
"name": "FindClose"
},
{
"address": "0x180090f98",
"name": "FindFirstFileExW"
},
{
"address": "0x180090fa0",
"name": "FindNextFileW"
},
{
"address": "0x180090fa8",
"name": "FlsAlloc"
},
{
"address": "0x180090fb0",
"name": "FlsFree"
},
{
"address": "0x180090fb8",
"name": "FlsGetValue"
},
{
"address": "0x180090fc0",
"name": "FlsSetValue"
},
{
"address": "0x180090fc8",
"name": "FlushFileBuffers"
},
{
"address": "0x180090fd0",
"name": "FormatMessageA"
},
{
"address": "0x180090fd8",
"name": "FreeEnvironmentStringsW"
},
{
"address": "0x180090fe0",
"name": "FreeLibrary"
},
{
"address": "0x180090fe8",
"name": "FreeLibraryAndExitThread"
},
{
"address": "0x180090ff0",
"name": "GetACP"
},
{
"address": "0x180090ff8",
"name": "GetCPInfo"
},
{
"address": "0x180091000",
"name": "GetCommandLineA"
},
{
"address": "0x180091008",
"name": "GetCommandLineW"
},
{
"address": "0x180091010",
"name": "GetComputerNameExW"
},
{
"address": "0x180091018",
"name": "GetComputerNameW"
},
{
"address": "0x180091020",
"name": "GetConsoleMode"
},
{
"address": "0x180091028",
"name": "GetConsoleOutputCP"
},
{
"address": "0x180091030",
"name": "GetCurrentProcess"
},
{
"address": "0x180091038",
"name": "GetCurrentProcessId"
},
{
"address": "0x180091040",
"name": "GetCurrentThreadId"
},
{
"address": "0x180091048",
"name": "GetEnvironmentStringsW"
},
{
"address": "0x180091050",
"name": "GetFileSizeEx"
},
{
"address": "0x180091058",
"name": "GetFileType"
},
{
"address": "0x180091060",
"name": "GetLastError"
},
{
"address": "0x180091068",
"name": "GetLocaleInfoEx"
},
{
"address": "0x180091070",
"name": "GetLocaleInfoW"
},
{
"address": "0x180091078",
"name": "GetModuleFileNameW"
},
{
"address": "0x180091080",
"name": "GetModuleHandleExW"
},
{
"address": "0x180091088",
"name": "GetModuleHandleW"
},
{
"address": "0x180091090",
"name": "GetOEMCP"
},
{
"address": "0x180091098",
"name": "GetProcAddress"
},
{
"address": "0x1800910a0",
"name": "GetProcessHeap"
},
{
"address": "0x1800910a8",
"name": "GetStartupInfoW"
},
{
"address": "0x1800910b0",
"name": "GetStdHandle"
},
{
"address": "0x1800910b8",
"name": "GetStringTypeW"
},
{
"address": "0x1800910c0",
"name": "GetSystemTimeAsFileTime"
},
{
"address": "0x1800910c8",
"name": "GetUserDefaultLCID"
},
{
"address": "0x1800910d0",
"name": "HeapAlloc"
},
{
"address": "0x1800910d8",
"name": "HeapFree"
},
{
"address": "0x1800910e0",
"name": "HeapReAlloc"
},
{
"address": "0x1800910e8",
"name": "HeapSize"
},
{
"address": "0x1800910f0",
"name": "InitializeCriticalSectionAndSpinCount"
},
{
"address": "0x1800910f8",
"name": "InitializeCriticalSectionEx"
},
{
"address": "0x180091100",
"name": "InitializeSListHead"
},
{
"address": "0x180091108",
"name": "InterlockedFlushSList"
},
{
"address": "0x180091110",
"name": "IsDebuggerPresent"
},
{
"address": "0x180091118",
"name": "IsProcessorFeaturePresent"
},
{
"address": "0x180091120",
"name": "IsValidCodePage"
},
{
"address": "0x180091128",
"name": "IsValidLocale"
},
{
"address": "0x180091130",
"name": "LCMapStringEx"
},
{
"address": "0x180091138",
"name": "LCMapStringW"
},
{
"address": "0x180091140",
"name": "LeaveCriticalSection"
},
{
"address": "0x180091148",
"name": "LoadLibraryExW"
},
{
"address": "0x180091150",
"name": "LocalFree"
},
{
"address": "0x180091158",
"name": "MultiByteToWideChar"
},
{
"address": "0x180091160",
"name": "QueryPerformanceCounter"
},
{
"address": "0x180091168",
"name": "RaiseException"
},
{
"address": "0x180091170",
"name": "ReadConsoleW"
},
{
"address": "0x180091178",
"name": "ReadFile"
},
{
"address": "0x180091180",
"name": "ReleaseSRWLockExclusive"
},
{
"address": "0x180091188",
"name": "RtlCaptureContext"
},
{
"address": "0x180091190",
"name": "RtlLookupFunctionEntry"
},
{
"address": "0x180091198",
"name": "RtlPcToFileHeader"
},
{
"address": "0x1800911a0",
"name": "RtlUnwind"
},
{
"address": "0x1800911a8",
"name": "RtlUnwindEx"
},
{
"address": "0x1800911b0",
"name": "RtlVirtualUnwind"
},
{
"address": "0x1800911b8",
"name": "SetEndOfFile"
},
{
"address": "0x1800911c0",
"name": "SetFilePointerEx"
},
{
"address": "0x1800911c8",
"name": "SetHandleInformation"
},
{
"address": "0x1800911d0",
"name": "SetLastError"
},
{
"address": "0x1800911d8",
"name": "SetStdHandle"
},
{
"address": "0x1800911e0",
"name": "SetUnhandledExceptionFilter"
},
{
"address": "0x1800911e8",
"name": "Sleep"
},
{
"address": "0x1800911f0",
"name": "SleepConditionVariableSRW"
},
{
"address": "0x1800911f8",
"name": "TerminateProcess"
},
{
"address": "0x180091200",
"name": "TlsAlloc"
},
{
"address": "0x180091208",
"name": "TlsFree"
},
{
"address": "0x180091210",
"name": "TlsGetValue"
},
{
"address": "0x180091218",
"name": "TlsSetValue"
},
{
"address": "0x180091220",
"name": "UnhandledExceptionFilter"
},
{
"address": "0x180091228",
"name": "WaitForSingleObject"
},
{
"address": "0x180091230",
"name": "WakeAllConditionVariable"
},
{
"address": "0x180091238",
"name": "WideCharToMultiByte"
},
{
"address": "0x180091240",
"name": "WriteConsoleW"
},
{
"address": "0x180091248",
"name": "WriteFile"
}
]
},
"ole32": {
"dll": "ole32.dll",
"imports": [
{
"address": "0x180091258",
"name": "CoCreateGuid"
},
{
"address": "0x180091260",
"name": "CoInitialize"
},
{
"address": "0x180091268",
"name": "StringFromGUID2"
}
]
}
},
"exported_dll_name": "remote.dll",
"exports": [
{
"address": "0x1800080b0",
"name": "EntryPoint",
"ordinal": 1
}
],
"dirents": [
{
"name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
"virtual_address": "0x00090a90",
"size": "0x00000048"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
"virtual_address": "0x00090ad8",
"size": "0x00000050"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
"virtual_address": "0x000a6000",
"size": "0x000001d8"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
"virtual_address": "0x0009e000",
"size": "0x000032b8"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
"virtual_address": "0x00000000",
"size": "0x00000000"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
"virtual_address": "0x000a7000",
"size": "0x00000f30"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
"virtual_address": "0x00000000",
"size": "0x00000000"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
"virtual_address": "0x00000000",
"size": "0x00000000"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
"virtual_address": "0x00000000",
"size": "0x00000000"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_TLS",
"virtual_address": "0x0008c500",
"size": "0x00000028"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
"virtual_address": "0x00085e00",
"size": "0x00000140"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
"virtual_address": "0x00000000",
"size": "0x00000000"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_IAT",
"virtual_address": "0x00090ed0",
"size": "0x000003a8"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
"virtual_address": "0x00000000",
"size": "0x00000000"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
"virtual_address": "0x00000000",
"size": "0x00000000"
},
{
"name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
"virtual_address": "0x00000000",
"size": "0x00000000"
}
],
"sections": [
{
"name": ".text",
"raw_address": "0x00000400",
"virtual_address": "0x00001000",
"virtual_size": "0x00082fc6",
"size_of_data": "0x00083000",
"characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
"characteristics_raw": "0x60000020",
"entropy": "6.83"
},
{
"name": ".rdata",
"raw_address": "0x00083400",
"virtual_address": "0x00084000",
"virtual_size": "0x000136f4",
"size_of_data": "0x00013800",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
"characteristics_raw": "0x40000040",
"entropy": "5.07"
},
{
"name": ".data",
"raw_address": "0x00096c00",
"virtual_address": "0x00098000",
"virtual_size": "0x00005aac",
"size_of_data": "0x00002a00",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
"characteristics_raw": "0xc0000040",
"entropy": "5.89"
},
{
"name": ".pdata",
"raw_address": "0x00099600",
"virtual_address": "0x0009e000",
"virtual_size": "0x000032b8",
"size_of_data": "0x00003400",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
"characteristics_raw": "0x40000040",
"entropy": "5.70"
},
{
"name": ".gxfg",
"raw_address": "0x0009ca00",
"virtual_address": "0x000a2000",
"virtual_size": "0x00001fe0",
"size_of_data": "0x00002000",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
"characteristics_raw": "0x40000040",
"entropy": "5.17"
},
{
"name": ".tls",
"raw_address": "0x0009ea00",
"virtual_address": "0x000a4000",
"virtual_size": "0x00000181",
"size_of_data": "0x00000200",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
"characteristics_raw": "0xc0000040",
"entropy": "0.02"
},
{
"name": "_RDATA",
"raw_address": "0x0009ec00",
"virtual_address": "0x000a5000",
"virtual_size": "0x000001f4",
"size_of_data": "0x00000200",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
"characteristics_raw": "0x40000040",
"entropy": "4.24"
},
{
"name": ".rsrc",
"raw_address": "0x0009ee00",
"virtual_address": "0x000a6000",
"virtual_size": "0x000001d8",
"size_of_data": "0x00000200",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
"characteristics_raw": "0x40000040",
"entropy": "4.60"
},
{
"name": ".reloc",
"raw_address": "0x0009f000",
"virtual_address": "0x000a7000",
"virtual_size": "0x00000f30",
"size_of_data": "0x00001000",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
"characteristics_raw": "0x42000040",
"entropy": "5.36"
}
],
"overlay": null,
"resources": [
{
"name": "RT_MANIFEST",
"offset": "0x000a6060",
"size": "0x00000173",
"filetype": null,
"language": "LANG_ENGLISH",
"sublanguage": "SUBLANG_ENGLISH_US",
"entropy": "4.86"
}
],
"versioninfo": [],
"imphash": "01a66d44fed33e456d3af9662bbdf7b9",
"timestamp": "2025-10-08 07:08:37",
"icon": null,
"icon_hash": null,
"icon_fuzzy": null,
"icon_dhash": null,
"imported_dll_count": 3
},
"data": null,
"strings": [
"-ffff.",
"!ffffff.",
"frexp",
"ext-ms-",
" [_^A^A_",
"az-AZ-Cyrl",
"es-CL",
"WM>HD",
"fE9,Fu",
"is a directory",
"[]_^A\\A]A^A_",
"/fff.",
"belgian",
"D8t$ht",
"bad locale name",
"sa-in",
"D$Hf;",
" new[]",
"%CRdA",
"\"cUxu>M",
"WinHttpOpen",
".?AVbad_exception@std@@",
"holland",
"quz-pe",
"(D$0f",
"@8{(u",
"f;\\$L",
"LocalFree",
")>6{1n",
"fa-IR",
"owner dead",
"hong-kong",
"SetLastError",
"D$h9t$P",
"0A_A^A\\",
"protocol not supported",
"K~Je#>!",
"api-ms-win-rtcore-ntuser-window-l1-1-0",
"BB\\'G",
"LCIDToLocaleName",
"1zfhl",
"en-PH",
"zh-sg",
"K\\ff.",
"ar-om",
"\\Z{>Y",
"french-luxembourg",
"1#SNAN",
"ar-iq",
"January",
"lv-LV",
"not a stream",
"he-il",
"es-gt",
"FindFirstFileExW",
"S(HcS0",
"|$(E3",
"L$Hf;",
"s WATAUAVAWH",
"string too long",
"",
" ",
"D$xf;",
"e([_^A\\A]A^A_]",
"D$(H;",
" !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
"&ffff.",
"@SVWH",
"ar-ae",
"de-de",
"GetModuleFileNameW",
"r| NVt",
"InitializeCriticalSectionAndSpinCount",
"french-swiss",
"ntelA",
"`vector constructor iterator'",
"CloseHandle",
"@8k(t",
"AVVWSH",
"D$pfA;",
"L$49K",
"4zfhl",
"french-canadian",
"UVWSH",
"WAVAWH",
"cy-GB",
" Type Descriptor'",
"2?i=E",
".?AV?$ctype@D@std@@",
"&domain=",
"[_^A\\A^A_]",
"id-id",
"england",
"D$0HcH",
"m rgu",
"user32",
"`eh vector vbase constructor iterator'",
"en-GB",
"u+!D$0",
"f;\\$D",
"gu-in",
"UWAVH",
"=R \"Au",
"H'",
"quz-EC",
";D$hsL",
"@.reloc",
"AreFileApisANSI",
"D$ I;R",
"en-ph",
"nn-no",
"February",
"kernel32.dll",
"+L$HA",
" A_A^A\\_^",
"A^A]A\\_^[]",
"\\$ UVWATAUAVAWH",
"!x-sys-default-locale",
"fD9,Au",
"WinHttpCrackUrl",
"F,u=H",
"AWAVAUATVWUS",
"[]_^A^",
"T$PD+",
"operator co_await",
" A_A^_",
".?AU_Crt_new_delete@std@@",
"d$IfD",
"`string'",
"@b;zO]",
"=i]mcu",
"bad allocation",
"directory not empty",
"L$hH#",
"zM^G",
"D$8f;",
"operation not permitted",
"0A^A\\_",
"i#I'M;",
"ntdll",
"CreateProcessW",
"new-zealand",
"L$@H3",
"L$`;M",
"se-se",
"L$0H;",
"es-uy",
"hi-in",
".?AV_System_error@std@@",
"D8L$0u`",
"|$`CI",
"[Utf8Conv::Utf16ToUt8] Input string too long: size_t-length doesn't fit into int.",
"0)5ZM[",
".?AVbad_cast@std@@",
"resource deadlock would occur",
"f9t$bu",
"`managed vector constructor iterator'",
" ",
"%fff.",
" ffff.",
"x AVH",
"ufD9v",
"af-za",
"LnusH",
"uHH+u0H",
"IsValidLocaleName",
"UnhandledExceptionFilter",
"n03>Pu",
"Cfff.",
"ar-ma",
".?AVlength_error@std@@",
"api-ms-win-core-string-l1-1-0",
"K&>.yC",
"hr-hr",
"ta-IN",
"^",
" ( ",
"CorExitProcess",
"api-ms-",
"zh-TW",
"XcZE0?A",
"A_A^A]A\\_^]",
"api-ms-win-security-systemfunctions-l1-1-0",
"broken pipe",
"RtlCaptureContext",
"mk-MK",
"f;\\$T",
"GetFileType",
"vyfffff",
"VWAUH",
"@UAVAWH",
"X[_^A\\A]A^A_]",
"rbf;\\$l",
"^We|@'MP",
"([_^]",
"L$0f;",
"HcK H",
"t9LcF",
"ar-EG",
"L$@f;",
"`vector vbase constructor iterator'",
"Aju:H",
"ml-in",
"@d=.t",
"sr-ba-latn",
"{'\\u-H",
"ms-BN",
"nn-NO",
"f;\\$\\",
"]L+6H",
"JzOuCH",
"vi-VN",
"it-ch",
"L}LTz",
"api-ms-win-core-synch-l1-2-0",
"@.gxfg",
"afffff.",
"WaitForSingleObject",
"x[]_^A\\A]A^A_",
"AjuD.X",
"english-jamaica",
"ca-ES",
"VWATAVAWH",
"operation canceled",
"@.rsrc",
";.u1L",
"sma-se",
" ",
"fa-ir",
"|$8L;",
"ms-my",
"~V=MDN1",
"spanish-uruguay",
"english-can",
"[_^A^]",
"api-ms-win-core-xstate-l2-1-0",
"d$8L)",
"fA9,Au",
"div-mv",
"`placement delete closure'",
"sms-fi",
"GS~dA",
"V9>_A",
"de-li",
"FlsSetValue",
"GetLastError",
"address family not supported",
"cross device link",
"&commandId=",
"+h->|",
"device or resource busy",
"nl-NL",
"CoInitialize",
"$ffffff.",
"t)IcV",
" Base Class Array'",
"`eh vector constructor iterator'",
"syr-sy",
".?AVios_base@std@@",
"nl-be",
"`local static thread guard'",
"english-ire",
"LoadLibraryExW",
"yx7u{H",
"ar-QA",
"pR[|*",
"argument list too long",
"GetLocaleInfoW",
"L$8H3",
"EntryPoint",
"Aju>L",
".xJ>Hf",
"`vector vbase copy constructor iterator'",
"H;xXu5",
"WriteConsoleW",
"r+srA",
"8Ht;I",
"_logb",
"tSf91tNH",
"|$ UATAUAVAWH",
"mi-NZ",
"9p@u+",
"",
"f9,Ju",
"__unaligned",
"ar-AE",
"D;-~j",
"D$@E3",
"da-dk",
"1j!P<",
"too many files open",
"L$`f;",
"GetProcessHeap",
"L$&8\\$&t,8Y",
"api-ms-win-core-processthreads-l1-1-2",
"]p.VAA",
"address not available",
"div-MV",
"china",
"@SUWH",
";Fu6D",
"no link",
"\"cUxu;H",
"es-PR",
"InterlockedFlushSList",
"t$xfI",
"iostream",
"GetCommandLineW",
"[Utf8Conv::Utf8ToUtf16] Input string too long: size_t-length doesn't fit into int.",
"ineID",
"TlsGetValue",
" fffff.",
"operator<=>",
"VWAVH",
"ATAVAWH",
"GetStringTypeW",
"D$@fD",
"L$(E3",
"sl-SI",
"FindNextFileW",
"spanish-modern",
"fo-fo",
"rKf;\\$t",
"=*(\"_",
"GetCommandLineA",
"HcC H",
"8_^][",
"WR]u3I",
"not a socket",
".?AV_Generic_error_category@std@@",
"?ls~#",
"__pascal",
"pt-BR",
"ar-TN",
"A_A^A]_]",
"?f`Y4",
"p*W4H",
"kernelbase",
"AWAVAUATVWUSH",
"0123456789abcdefghijklmnopqrstuvwxyz",
"L$0M)",
"r7f;\\$|",
"ATAUAVH",
" ((((( H",
".?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@",
"tvLc{",
"\\$HH)",
"spanish-chile",
"e8[_^A\\A]A^A_]",
"sv-SE",
"fA90u",
"~,=C=",
"GetDateFormatEx",
"*StO9>T",
"|$(A^",
">&!;D",
"WINHTTP.dll",
"ffff.",
",offff.",
" A_A^A]A\\_^]",
"no stream resources",
"connection refused",
"sw-KE",
"se-FI",
"ml-IN",
"es-pr",
"TlsAlloc",
"+M<7>",
" []_^A^",
"LC_TIME",
"english-american",
"es-EC",
"f ,wu",
"ios_base::eofbit set",
"ar-kw",
"`omni callsig'",
"tt-ru",
"DecodePointer",
"ot$ H",
"=r+sru",
"identifier removed",
"pB]P67",
"se-SE",
"@A_A^A\\_^[]",
"L$0H1",
"GetOEMCP",
"fr-LU",
"AcquireSRWLockExclusive",
"0A_A^A]A\\_",
"CreateDirectoryW",
"StringFromGUID2",
"__cdecl",
"[Utf8Conv::Utf8ToUtf16] Cannot get result string length when converting from UTF-8 to UTF-16 (MultiByteToWideChar failed).",
"D$8L9",
"no message available",
" delete[]",
"p*Z\\h",
"fi-fi",
"8D$@t",
"address in use",
"L$8M)",
"`eh vector copy constructor iterator'",
"ExitThread",
"A_A^A]A\\_^[",
";\\$p|",
"text file busy",
"Nfffff.",
"HcE_H",
"en-ZW",
"message size",
"en-us",
"__swift_3",
"ReadFile",
"zu-za",
"en-nz",
"JzOuDH",
"(t$0H",
"6`uQI",
"B*~&=0",
"fD9,pu",
"invalid argument",
"Vfffff.",
"\"cUxu;M",
"fB9<{u",
"Offff.",
"__fastcall",
"xA_A^A]A\\_^[]",
"A_A^A]A\\_",
"[Utf8Conv::Utf8ToUtf16] Invalid UTF-8 sequence found in input string.",
"UAWAVAUATVWSPH",
"E80t\"A",
"E/H9E",
"smj-SE",
"D$Xf;",
"P[_^A^]",
"GetACP",
"uzKs@>",
"D$/M9\"",
"0A_A^_",
"kE>fvw",
"1#QNAN",
"ar-ye",
"ABCDEFGHIJKLMNOPQRSTUVWXYZ",
"south korea",
"D!|$xA",
"GetSystemTimeAsFileTime",
"~<=C=",
"tQfD9 tK",
".?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@",
"operation would block",
"az-az-cyrl",
"SVWATAUAWH",
"@A_A^A]A\\_^]",
"no protocol option",
"99~CE",
"N/H;p",
"de-LI",
"",
"operator \"\" ",
"Efff.",
"u3HcH{9u",
"KERNEL32.dll",
"fr-MC",
"english-us",
"Aju[",
"bad cast",
"Yi>xu",
"es-NI",
"wrong protocol type",
"ns-za",
"spanish-argentina",
"TUUUU",
"GetModuleHandleW",
"Vr.>T",
">jtm}S",
"LeaveCriticalSection",
"bad array new length",
"__based(",
"8[_^A^A_]",
"`A_A^A]A\\_^]",
"ext-ms-win-ntuser-windowstation-l1-1-0",
"english-trinidad y tobago",
"no space on device",
"3zfhl",
"H!D$ H",
"H[]_^A\\A]A^A_",
"fr-lu",
"api-ms-win-core-file-l1-2-4",
" !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
"sk-SK",
"es-DO",
"api-ms-win-core-localization-obsolete-l1-2-0",
"h[_^A\\A]A^A_]",
"UAWAVAUATVWSH",
"eu-ES",
"=s}a[",
"RoUninitialize",
"=z[{5u",
"y\\PD>!",
"t$ E3",
"`local static guard'",
"@8~0t",
"Lj[;>",
"rfffff.",
"u%@8j(t",
"Saturday",
"LC_COLLATE",
"not a directory",
"D$@f;",
"es-ar",
"spanish-honduras",
"TerminateProcess",
"WinHttpSetTimeouts",
"@USVWATAUAVH",
"|$xL;",
"english-nz",
"kok-IN",
"HcQL",
"english-belize",
"wffffff.",
"November",
"AWAVAUATVWUSP",
".?AV_Iostream_error_category2@std@@",
"E+A@I",
"spanish-paraguay",
"es-HN",
"nan(ind)",
" Base Class Descriptor at (",
"@>%>b",
"remote.dll",
"(ffff.",
"HcG H",
"iu+-,",
"~O=pi",
".?AVfacet@locale@std@@",
"kL@8o(u",
"es-ve",
"state not recoverable",
"zh-MO",
"ar-jo",
"es-UY",
"se-no",
"&result=",
"WinHttpOpenRequest",
"ta-in",
"=Fw(d",
"Effff.",
"L$8f;",
"i\"~1A",
"([]_^A^A_",
"TlsFree",
"SleepConditionVariableSRW",
"Content-Type: application/x-www-form-urlencoded",
"9Cu,fD9y",
"de-ch",
"L$ |+L;",
"Et9=U",
"April",
"united-kingdom",
"=imb;D",
"\"cUxu8I",
"UAWAVVWSH",
"SVWATAUAVAWH",
"gl-ES",
"F,u;M",
"de-DE",
"__swift_1",
"`local vftable'",
"restrict(",
".?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@",
"@[_^A^]",
"f ,wE",
"=aY:x",
"file too large",
"GetConsoleMode",
"L$$=Vxx",
"atan2",
"UAWAVAUATVWS",
"L$PH1",
"l$ VWAVH",
"@BtFD",
"dTu3L",
"pfff.",
"ar-bh",
"generic",
"fD91uTL9r",
"zh-HK",
"ios_base::failbit set",
"HeapSize",
" A_A^A\\",
"0A_A^A]A\\_^[",
"AVVWUSH",
"Friday",
"&fff.",
"fA99}",
".?AVexception@std@@",
"l$ E3",
"fD9l$pt",
"\"cUxA",
"[aOni*{",
"`vbase destructor'",
"te-in",
"|$ AVH",
"fD9'u",
"RtlLookupFunctionEntry",
"xOHcC",
"kn-in",
" delete",
"GetCurrentProcessId",
"zh-CN",
"spanish-nicaragua",
"H[]_^",
"e0A_A^]",
"#fff.",
"hu-hu",
"smj-se",
"sr-BA-Cyrl",
"ar-MA",
"L$HL9",
"^We|qe",
"south-korea",
"VWATAVAW",
"es-VE",
" ",
"ar-ly",
"sma-SE",
"([]_^",
"D8|$`t",
"smn-FI",
"i\"tlM",
"|$DE3",
"french-belgian",
"UVWAVAWH",
"L$@;|",
"en-JM",
"zh-chs",
"L$ SUVWH",
"SetHandleInformation",
"{ AVH",
"uk-UA",
"HcEgH",
"PA_A^A]A\\_^]",
"8[]_^A\\A]A^A_",
"L$`H1",
"pl-pl",
"vector too long",
"ar-SA",
"t7HcP",
";I9}(tiH",
"Cn`tf",
"D$(H!L$ E3",
"en-tt",
"connection already in progress",
"A_A]A\\_^[",
"GetModuleHandleExW",
"es-hn",
"network down",
"?lst[D",
"t$`L#",
"GetCurrentThreadId",
"InitializeCriticalSectionEx",
"gfffA",
"s AWH",
"es-GT",
"zh-mo",
"x[_^A^A_]",
"network reset",
"bg-bg",
";&.f~=",
"EH*?H",
"}-~ =0",
"L$hf;",
"vAD8s(t",
"!This program cannot be run in DOS mode.$",
"D$@H;",
"p0R^G'",
"de-CH",
"_nextafter",
"de-AT",
"uz-UZ-Cyrl",
"0A^_^",
"english-aus",
"es-py",
"0iN>/",
"destination address required",
"mt-MT",
"el-GR",
"L$@H9H",
"tt-RU",
"D$ I9",
"es-SV",
"vKfffff",
"vf?g",
"id-ID",
"__vectorcall",
"1#IND",
" ",
"([_^A^",
"ekN6D",
"ar-qa",
"A_A^A]A\\_^[]",
"WinHttpSendRequest",
"D$ I9P",
"sv-se",
"r_f;\\$l",
"|b=})>",
"H;D$ A",
"L!|$(L!",
"3>N;kU",
"AppPolicyGetThreadInitializationType",
"api-ms-win-core-winrt-l1-1-0",
"?:kP<",
"chinese-traditional",
"E8a(u",
"D$PI;",
"=NDN1",
"pSQ~W'",
"south-africa",
"fB958d%",
"uz-UZ-Latn",
"d$dD;d$l",
"es-pa",
"ekN6tAA",
"EnterCriticalSection",
"Aju>H",
"permission denied",
".?AVerror_category@std@@",
" [_^A^]",
"es-do",
"pr china",
"es-ni",
"tyfD9 tsH",
"norwegian-bokmal",
"pt-pt",
"UTF-16LEUNICODE",
"spanish-puerto rico",
"LC_CTYPE",
"ro-RO",
"WATAUAVAWH",
"August",
"es-PE",
"u1!D$0H",
"fffff",
"UATAUAVAWH",
"`dynamic initializer for '",
"english-uk",
",/<-w",
"t$ WH",
"en-CB",
".?AVUtf8ConversionException@@",
"GetUserDefaultLocaleName",
"spanish-peru",
"8HtyB",
"L$ WH",
"bad exception",
"RtlPcToFileHeader",
"([_^A^A_]",
"bn-IN",
"@A_A^A\\",
"ex[_^A\\A]A^A_]",
"Hc}`I",
"T$ Lc",
"fB9&X",
"`anonymous namespace'",
"_RDATA",
"Yi>xA",
"E8q(u",
"fB9<@u",
"FlsGetValue",
"success",
"u4I9}(",
"de-lu",
"MultiByteToWideChar",
"!t#~i=",
"`vector destructor iterator'",
"ja-jp",
"fr-mc",
"6fffff.",
"-I$~g=",
"ms-bn",
"`A^_^",
"be-BY",
"HcO H",
"portuguese-brazilian",
"Dffff.",
"t%fE9",
"ExitProcess",
"UAWAVVWSPH",
"sv-fi",
"FindClose",
"RaiseException",
"quz-bo",
"SetStdHandle",
"8[_^A\\A]A^A_]",
"es-pe",
"zh-SG",
"D$PH+",
"HH:mm:ss",
"F,u>H",
"\"tK=R]",
"GetStartupInfoW",
"UAWAVATVWSH",
"AWAVVWUS",
"fr-ch",
"tP=/O",
"QueryPerformanceCounter",
".?AUctype_base@std@@",
"#ffffff.",
"Aju6H",
"file exists",
"ReleaseSRWLockExclusive",
"!>6'Y",
"D$(I9",
"SUVWATAVAWH",
"L$HH1",
"already connected",
"6`uLI",
"en-IE",
"^~E/Q",
"`scalar deleting destructor'",
"`dynamic atexit destructor for '",
"UNKNOWN",
"fE9)fA",
"no such process",
"CreatePipe",
"Download failed: ",
"__restrict",
"en-BZ",
"mn-mn",
"sr-sp-cyrl",
"eu-es",
"en-zw",
"L$,H9",
"HcS H",
"wwH9Q",
"kk-kz",
"'fff.",
"phUp`",
"'ffffff.",
"chinese",
"D$pf;",
"EncodePointer",
"f;\\$<",
"L$xE3",
"GetLocaleInfoEx",
"__stdcall",
"Aju6t9^",
"sw-ke",
"GetTempPath2W",
"ru-RU",
"mk-mk",
"\"cUxD",
"GetCPInfo",
"@A_A^A\\_^][",
"c(>\\,",
"spanish-colombia",
"th-th",
"ru-ru",
"A_A^A\\_^][",
"D84:u",
"LocaleNameToLCID",
"network unreachable",
"AWAVATVWUS",
"pt-br",
"@8<)u",
"pQZ0Z?!",
"T$ D){",
"ka-ge",
"|fffff.",
"ur-pk",
"`RTTI",
"(fff.",
"fo-FO",
"AWAVVWUSH",
"ItM=8",
"bn-in",
"`[_^A^]",
"IsDebuggerPresent",
"cs-CZ",
"t'HcW",
" ",
"WR]u/L",
"%nay\\",
"[Utf8Conv::Utf16ToUtf8] Cannot convert from UTF-16 to UTF-8 (WideCharToMultiByte failed).",
"`[_^A\\A^A_]",
"Aju:L",
",I<%w",
"Wednesday",
"X[]_^A\\A]A^A_",
" A_A^A]A\\_",
"K0HcQ",
"swiss",
"/poll?id=",
"UTF-8",
"nl-nl",
"*Xx~u",
"italian-swiss",
"G3fuh",
"!ffff.",
"az-az-latn",
"L$8H9",
"sl-si",
"smj-no",
"uz-uz-latn",
"AUAVAWH",
"H+D$0D",
"f9pP&",
"September",
"\";Lfff.",
"D$(E3",
"WATAVH",
"sr-sp-latn",
"sr-SP-Cyrl",
"pjP:E",
"LC_MONETARY",
"en-ca",
"DeleteCriticalSection",
"9t$Pu",
"false",
"AjuM",
"Download successful: ",
"mn-MN",
"u4D9v",
"te-IN",
"zh-tw",
"f;\\$4",
"bg-BG",
"FreeEnvironmentStringsW",
"JzOuBH",
"fr-be",
"LCMapStringW",
"(t$ A",
"~&=Tv",
"fr-ca",
"`vector copy constructor iterator'",
"5ffffff.",
",fff.",
"M50u61",
"L$ L;",
"filename too long",
"AWAVAUATVWUSPH",
"1z#V<",
"advapi32",
"bad address",
"__clrcall",
"`local vftable constructor closure'",
"X @8u",
"GetEnvironmentStringsW",
"__eabi",
"bad message",
"L$ VWAVH",
"es-sv",
"@[]_^A\\A^A_",
"interrupted",
"Dhu-A",
".Tff.",
"L!d$(L!d$@D",
"s2fE9)I",
"mr-IN",
"fffffff",
"October",
"it-CH",
"@8~0tM",
"`virtual displacement map'",
"December",
" fff.",
"da-DK",
"GetStdHandle",
"ios_base::badbit set",
"protocol error",
"english-caribbean",
"CONOUT$",
" ",
"stream timeout",
"[_^A^A_]",
"\\fffff.",
"nan(snan)",
"`copy constructor closure'",
"ceu@H",
"__thiscall",
"@8t$HtzL",
"=aY:TS",
"(fffff.",
"d72mu",
"fB9,Nu",
"p\"PPc",
"australian",
"fD94Q}",
"en-jm",
"iostream stream error",
"fr-FR",
".?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@",
"pA_A^A]A\\_^[",
"en-cb",
"93)\"D",
"ca-es",
"0A_A^A]A\\^",
"BBS'G",
"L$@E1",
"L$pH1",
"#E~&=H",
"fr-BE",
"0fD9l$pu",
".?AVout_of_range@std@@",
"VATAUAVAWH",
"h[]_^A\\A]A^A_",
"v#9Iu",
"zh-CHS",
"t$8H)",
"es-CR",
"H[_^A^A_]",
"zu-ZA",
"|$@H=",
"tr-TR",
"InitializeSListHead",
"SetFilePointerEx",
"spanish-el salvador",
"Thursday",
"A_A^A\\_^",
"__ptr64",
"L$ UVWATAUAVAWH",
"GetTimeFormatEx",
"ar-sy",
"D81uUL9r",
"H9>u+A",
"et-EE",
"M8~+I",
"ja-JP",
"`udt returning'",
"f9)u4H9j",
".?AVruntime_error@std@@",
"v2zfhl",
"GetUserDefaultLCID",
"uz-uz-cyrl",
"api-ms-win-core-sysinfo-l1-2-1",
"9\\$hu",
"D$DE3",
"`vcall'",
"api-ms-win-core-localization-l1-2-1",
"GetConsoleOutputCP",
"german-lichtenstein",
".?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@",
"Yffff.",
"quz-PE",
"es-BO",
"ldexp",
"be-by",
"p;Y>u",
"u$D8r(t",
"fD94H}aD",
".?AV?$_Iosb@H@std@@",
"spanish-dominican republic",
"en-ie",
"8[]_^A^A_",
"es-es",
",otnE",
"D$HL9gXt",
"se-fi",
"too many symbolic link levels",
"pa-IN",
"Sunday",
"IsProcessorFeaturePresent",
"sa-IN",
".text",
"@USVWATAVAWH",
"nb-no",
"@8j(t",
"D$pHc",
"sq-AL",
"}-~+=0",
"svDE3",
"L;|$0A",
"t$xt*3",
"p AWH",
"az-AZ-Latn",
"X%\\gn4",
"D$HL9",
"f;\\$`\"(5",
"en-ZA",
"WR]u1H",
"SetEndOfFile",
"api-ms-win-core-file-l1-2-2",
"Aju>I",
"german-austrian",
"D6JtS",
"es-cl",
"iygE3",
"v2!L.2",
".?AVbad_alloc@std@@",
"ko-kr",
"hr-BA",
"\"cUxu0'",
"fD9 t",
"ka-GE",
"ffffff.",
"ro-ro",
" Class Hierarchy Descriptor'",
"fD94iu",
"zh-hk",
"\\$ E3",
"too many links",
"NAN(IND)",
"t$`fD9+t$I",
"FlsFree",
"en-AU",
"zh-CHT",
"obwQ4",
" ",
"|$@-D",
"WinHttpReceiveResponse",
"yu8E1",
"GetComputerNameExW",
"CreateThread",
"tRLcY",
"e+000",
"ar-SY",
"connection reset",
"p@\\xV.",
"Tuesday",
"t==@VL",
"3>fvw",
"kk-KZ",
"WakeAllConditionVariable",
"fr-CA",
"+(\"_L",
"0A_A^_^]",
"\"cUxuI",
"IsValidCodePage",
"FlsAlloc",
"t$ WATAUAVAWH",
"z\\%YA",
"D$0H9D$8",
"\"cUxu;L",
"[]_^A^A_",
"fD9;u",
"A9,A$",
"trinidad & tobago",
"`managed vector copy constructor iterator'",
"A^A]A\\",
"$ffff.",
"ko-KR",
"\"cUxuuQk",
"@USWH",
"american-english",
"fE98t'",
"norwegian",
"no such file or directory",
"l$8H+l$0",
"ky-kg",
"ReadConsoleW",
"@SVWATAUAVAWH",
"timed out",
"d$ D!",
"function not supported",
"0[_^A^]",
"it-it",
"&hostname=",
"io error",
"t}f91txH",
"api-ms-win-core-fibers-l1-1-1",
"kn-IN",
"D$Pf;",
"_hypot",
"argument out of domain",
"ur-PK",
" !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~",
"B(I9A(u",
"es-bo",
"D$pH9Ph",
"sr-ba-cyrl",
"D$0H;",
"de-LU",
"A^_^[]",
"\"cUxu7M",
"fD9*u",
"MM/dd/yy",
"0A_A^A\\_^",
"[Utf8Conv::Utf16ToUtf8] Invalid UTF-16 sequence found in input string.",
"?lstkD",
"es-PY",
"`vftable'",
"6ffffff.",
"britain",
"9D$Pu",
"?7zQ6$",
"fi-FI",
"H9L$Ht?H",
"ar-OM",
"no child process",
"B\"rLE",
"L$@H)",
"es-cr",
"\\$0H;",
"ar-JO",
"6ffff.",
"spanish-panama",
"hr-HR",
"invalid seek",
"fr-fr",
"api-ms-win-core-datetime-l1-1-1",
"no such device or address",
"=2hx}",
"SetUnhandledExceptionFilter",
"UAVVWSH",
"sma-NO",
"~j= $",
"L$@H1",
"uED8r(t",
"@A_A^_",
".?AV_Locimp@locale@std@@"
],
"virustotal": {
"names": [
"qm4ht.exe",
"r.dll"
],
"scan_id": "c9c6ab6c4051f649d7da8acd12ffbf26f8eaeb6c1ace6df290f944ce2992b35a",
"md5": "5abd96ba0adce161517b32097bd2acd3",
"sha1": "20eb206964b6f02eea4719e9ab42bc2a786af65f",
"sha256": "c9c6ab6c4051f649d7da8acd12ffbf26f8eaeb6c1ace6df290f944ce2992b35a",
"tlsh": "T17FD49C08E552D2EDD257C17186920B29A7B2B4B10518AFFB21B2C7B01FABBF85F5C711",
"positives": 43,
"total": 76,
"permalink": "https://www.virustotal.com/api/v3/files/c9c6ab6c4051f649d7da8acd12ffbf26f8eaeb6c1ace6df290f944ce2992b35a",
"scans": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "2.0.0.1",
"engine_update": "20260303",
"category": "malicious",
"result": "W64.AIDetectMalware"
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260303",
"category": "malicious",
"result": "Trojan.Win32.PhantomRemote.m!c"
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260303",
"category": "malicious",
"result": "Gen:Variant.Tedy.793805"
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260303",
"category": "malicious",
"result": "dll.backdoor.generic"
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260303",
"category": "malicious",
"result": "Gen:Variant.Tedy.793805"
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260303",
"category": "malicious",
"result": "Gen:Variant.Tedy.793805"
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260302",
"category": "malicious",
"result": "Trojan.Win32.Save.a"
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.39.58764",
"engine_update": "20260303",
"category": "malicious",
"result": "Backdoor ( 006da25f1 )"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260303",
"category": "malicious",
"result": "Gen:Variant.Tedy.793805"
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.39.58764",
"engine_update": "20260303",
"category": "malicious",
"result": "Backdoor ( 006da25f1 )"
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "malicious",
"result": "win/malicious_confidence_100% (W)"
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260303",
"category": "malicious",
"result": "ML.Attribute.HighConfidence"
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.251",
"engine_update": "20260226",
"category": "malicious",
"result": "malicious (high confidence)"
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260303",
"category": "malicious",
"result": "Win64/Agent.AWJ trojan"
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.754",
"engine_update": "20260301",
"category": "malicious",
"result": "Malicious"
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260303",
"category": "malicious",
"result": "TROJ_GEN.R002H09BD26"
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260303",
"category": "malicious",
"result": "generic.ml"
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260303",
"category": "malicious",
"result": "HEUR:Backdoor.Win64.PhantomRemote.gen"
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "malicious",
"result": "Backdoor:Application/Generic.a2d96270"
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260303",
"category": "malicious",
"result": "Backdoor.PhantomRemote!8.1D35E (CLOUD)"
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.3.1.0",
"engine_update": "20260303",
"category": "malicious",
"result": "Mal/Generic-S"
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5555",
"engine_update": "20260302",
"category": "malicious",
"result": "Trojan.Agent.Win64.168080"
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14023",
"engine_update": "20260303",
"category": "malicious",
"result": "ti!C9C6AB6C4051"
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.10.0",
"engine_update": "20260224",
"category": "malicious",
"result": "malicious.moderate.ml.score"
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260303",
"category": "malicious",
"result": "Gen:Variant.Tedy.793805 (B)"
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.4.16.0",
"engine_update": "20260303",
"category": "malicious",
"result": "Trojan.Win64.Agent"
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.43724AVA:64.30764",
"engine_update": "20260303",
"category": "malicious",
"result": "Win64.Backdoor.PhantomRemote.A"
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1772557249",
"engine_update": "20260303",
"category": "malicious",
"result": "Detected"
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260303",
"category": "malicious",
"result": "W64/ABBackdoor.IVEU-6587"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260303",
"category": "malicious",
"result": "Trojan[Backdoor]/Win64.PhantomRemote"
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260303",
"category": "malicious",
"result": "Win64.Backdoor.PhantomRemot.gen"
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260303",
"category": "malicious",
"result": "Trojan.Tedy.DC1CCD"
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26010.1",
"engine_update": "20260303",
"category": "malicious",
"result": "Trojan:Win32/Wacatac.B!ml"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260303",
"category": "malicious",
"result": "Malicious (score: 100)"
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260303",
"category": "malicious",
"result": "MALICIOUS"
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260302",
"category": "malicious",
"result": "Unsafe"
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260303",
"category": "malicious",
"result": "Malware.Win32.Gencirc.14a8b8b6"
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260303",
"category": "malicious",
"result": "Artemis!5ABD96BA0ADC"
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260303",
"category": "malicious",
"result": "Trojan.Malware.391580069.susgen"
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.30.0",
"engine_update": "20260303",
"category": "malicious",
"result": "W32/PossibleThreat"
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260303",
"category": "malicious",
"result": "Win64:MalwareX-gen [Misc]"
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260303",
"category": "malicious",
"result": "Win64:MalwareX-gen [Misc]"
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Backdoor:Win/PhantomRemote.gyf"
}
},
"resource": "c9c6ab6c4051f649d7da8acd12ffbf26f8eaeb6c1ace6df290f944ce2992b35a",
"results": [
{
"vendor": "Bkav",
"sig": "W64.AIDetectMalware"
},
{
"vendor": "Lionic",
"sig": "Trojan.Win32.PhantomRemote.m!c"
},
{
"vendor": "tehtris",
"sig": null
},
{
"vendor": "MicroWorld-eScan",
"sig": "Gen:Variant.Tedy.793805"
},
{
"vendor": "CTX",
"sig": "dll.backdoor.generic"
},
{
"vendor": "CAT-QuickHeal",
"sig": null
},
{
"vendor": "Skyhigh",
"sig": null
},
{
"vendor": "ALYac",
"sig": "Gen:Variant.Tedy.793805"
},
{
"vendor": "Malwarebytes",
"sig": null
},
{
"vendor": "VIPRE",
"sig": "Gen:Variant.Tedy.793805"
},
{
"vendor": "Sangfor",
"sig": "Trojan.Win32.Save.a"
},
{
"vendor": "K7AntiVirus",
"sig": "Backdoor ( 006da25f1 )"
},
{
"vendor": "BitDefender",
"sig": "Gen:Variant.Tedy.793805"
},
{
"vendor": "K7GW",
"sig": "Backdoor ( 006da25f1 )"
},
{
"vendor": "CrowdStrike",
"sig": "win/malicious_confidence_100% (W)"
},
{
"vendor": "huorong",
"sig": null
},
{
"vendor": "Baidu",
"sig": null
},
{
"vendor": "VirIT",
"sig": null
},
{
"vendor": "Symantec",
"sig": "ML.Attribute.HighConfidence"
},
{
"vendor": "Elastic",
"sig": "malicious (high confidence)"
},
{
"vendor": "ESET-NOD32",
"sig": "Win64/Agent.AWJ trojan"
},
{
"vendor": "APEX",
"sig": "Malicious"
},
{
"vendor": "TrendMicro-HouseCall",
"sig": "TROJ_GEN.R002H09BD26"
},
{
"vendor": "Paloalto",
"sig": "generic.ml"
},
{
"vendor": "ClamAV",
"sig": null
},
{
"vendor": "Kaspersky",
"sig": "HEUR:Backdoor.Win64.PhantomRemote.gen"
},
{
"vendor": "Alibaba",
"sig": "Backdoor:Application/Generic.a2d96270"
},
{
"vendor": "NANO-Antivirus",
"sig": null
},
{
"vendor": "ViRobot",
"sig": null
},
{
"vendor": "Rising",
"sig": "Backdoor.PhantomRemote!8.1D35E (CLOUD)"
},
{
"vendor": "Sophos",
"sig": "Mal/Generic-S"
},
{
"vendor": "F-Secure",
"sig": null
},
{
"vendor": "DrWeb",
"sig": null
},
{
"vendor": "Zillya",
"sig": "Trojan.Agent.Win64.168080"
},
{
"vendor": "TrendMicro",
"sig": null
},
{
"vendor": "McAfeeD",
"sig": "ti!C9C6AB6C4051"
},
{
"vendor": "Trapmine",
"sig": "malicious.moderate.ml.score"
},
{
"vendor": "CMC",
"sig": null
},
{
"vendor": "Emsisoft",
"sig": "Gen:Variant.Tedy.793805 (B)"
},
{
"vendor": "Ikarus",
"sig": "Trojan.Win64.Agent"
},
{
"vendor": "GData",
"sig": "Win64.Backdoor.PhantomRemote.A"
},
{
"vendor": "Jiangmin",
"sig": null
},
{
"vendor": "Webroot",
"sig": null
},
{
"vendor": "Google",
"sig": "Detected"
},
{
"vendor": "Avira",
"sig": null
},
{
"vendor": "Varist",
"sig": "W64/ABBackdoor.IVEU-6587"
},
{
"vendor": "Antiy-AVL",
"sig": "Trojan[Backdoor]/Win64.PhantomRemote"
},
{
"vendor": "Kingsoft",
"sig": "Win64.Backdoor.PhantomRemot.gen"
},
{
"vendor": "Gridinsoft",
"sig": null
},
{
"vendor": "Xcitium",
"sig": null
},
{
"vendor": "Arcabit",
"sig": "Trojan.Tedy.DC1CCD"
},
{
"vendor": "SUPERAntiSpyware",
"sig": null
},
{
"vendor": "ZoneAlarm",
"sig": null
},
{
"vendor": "Microsoft",
"sig": "Trojan:Win32/Wacatac.B!ml"
},
{
"vendor": "Cynet",
"sig": "Malicious (score: 100)"
},
{
"vendor": "AhnLab-V3",
"sig": null
},
{
"vendor": "Acronis",
"sig": null
},
{
"vendor": "VBA32",
"sig": null
},
{
"vendor": "TACHYON",
"sig": null
},
{
"vendor": "DeepInstinct",
"sig": "MALICIOUS"
},
{
"vendor": "Cylance",
"sig": "Unsafe"
},
{
"vendor": "Panda",
"sig": null
},
{
"vendor": "Zoner",
"sig": null
},
{
"vendor": "Tencent",
"sig": "Malware.Win32.Gencirc.14a8b8b6"
},
{
"vendor": "Yandex",
"sig": null
},
{
"vendor": "TrellixENS",
"sig": "Artemis!5ABD96BA0ADC"
},
{
"vendor": "SentinelOne",
"sig": null
},
{
"vendor": "MaxSecure",
"sig": "Trojan.Malware.391580069.susgen"
},
{
"vendor": "Fortinet",
"sig": "W32/PossibleThreat"
},
{
"vendor": "AVG",
"sig": "Win64:MalwareX-gen [Misc]"
},
{
"vendor": "Avast",
"sig": "Win64:MalwareX-gen [Misc]"
},
{
"vendor": "alibabacloud",
"sig": "Backdoor:Win/PhantomRemote.gyf"
},
{
"vendor": "Trustlook",
"sig": null
},
{
"vendor": "SymantecMobileInsight",
"sig": null
},
{
"vendor": "BitDefenderFalx",
"sig": null
},
{
"vendor": "Avast-Mobile",
"sig": null
}
],
"detection": "Phantomremote",
"summary": "43/76"
},
"executed_tools": [
"overlay",
"msi_extract",
"kixtart_extract",
"vbe_extract",
"batch_extract",
"UnAutoIt_extract",
"UPX_unpack",
"RarSFX_extract",
"Inno_extract",
"SevenZip_unpack",
"de4dot_deobfuscate",
"eziriz_deobfuscate",
"office_one"
],
"cape_type_code": 0,
"cape_type": ""
}
},
"CAPE": {
"payloads": [],
"configs": []
},
"info": {
"version": "2.5",
"started": "2026-03-05 12:06:25",
"ended": "2026-03-05 12:11:00",
"duration": 275,
"id": 7,
"category": "file",
"custom": "",
"machine": {
"id": 11,
"status": "stopping",
"name": "win10x64",
"label": "win10x64",
"platform": "windows",
"manager": "KVM",
"started_on": "2026-03-05 12:06:25",
"shutdown_on": "2026-03-05 12:10:59"
},
"package": "dll",
"timeout": true,
"tlp": null,
"parent_sample": null,
"options": {},
"source_url": null,
"route": "",
"user_id": 0,
"CAPE_current_commit": "a9a0887dab232f52c59e955b9984dd494c47ce6b"
},
"behavior": {
"processes": [
{
"process_id": 4596,
"process_name": "rundll32.exe",
"parent_id": 2908,
"module_path": "C:\\Windows\\System32\\rundll32.exe",
"first_seen": "2026-03-05 09:07:16,119",
"calls": [
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "160",
"caller": "0x7ff97fd1c237",
"parentcaller": "0x7ff97fd1bfca",
"category": "system",
"api": "LdrpCallInitRoutine",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "MappedPath",
"value": "\\Device\\HarddiskVolume1\\Windows\\System32\\imagehlp"
},
{
"name": "BaseAddress",
"value": "0x7ff97f270000"
},
{
"name": "InitRoutine",
"value": "0x7ff97f2723b0"
},
{
"name": "Reason",
"value": "1"
}
],
"repeated": 0,
"id": 0
},
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "160",
"caller": "0x7ff97fd24fed",
"parentcaller": "0x7ff97fd24bb3",
"category": "threading",
"api": "NtTestAlert",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1
},
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "160",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "threading",
"api": "RtlUserThreadStart",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "StartAddress",
"value": "0x7ff78b206890"
},
{
"name": "Parameter",
"value": "0xc3e2262000"
}
],
"repeated": 0,
"id": 2
},
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "6760",
"caller": "0x7ff97fd24fed",
"parentcaller": "0x7ff97fd24bb3",
"category": "threading",
"api": "NtTestAlert",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 3
},
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "6760",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "threading",
"api": "RtlUserThreadStart",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "StartAddress",
"value": "0x7ff95ca5db90"
},
{
"name": "Parameter",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 4
},
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "5224",
"caller": "0x7ff97fd24fed",
"parentcaller": "0x7ff97fd24bb3",
"category": "threading",
"api": "NtTestAlert",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 5
},
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "5224",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "threading",
"api": "RtlUserThreadStart",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "StartAddress",
"value": "0x7ff95ca5dcf0"
},
{
"name": "Parameter",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 6
},
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "5404",
"caller": "0x7ff97fd24fed",
"parentcaller": "0x7ff97fd24bb3",
"category": "threading",
"api": "NtTestAlert",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 7
},
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "5404",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "threading",
"api": "RtlUserThreadStart",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "StartAddress",
"value": "0x7ff95ca5dad0"
},
{
"name": "Parameter",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 8
},
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "3416",
"caller": "0x7ff97fd24fed",
"parentcaller": "0x7ff97fd24bb3",
"category": "threading",
"api": "NtTestAlert",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 9
},
{
"timestamp": "2026-03-05 09:07:16,947",
"thread_id": "3416",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "threading",
"api": "RtlUserThreadStart",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "StartAddress",
"value": "0x7ff95ca5d6c0"
},
{
"name": "Parameter",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 10
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b206d01",
"parentcaller": "0x7ff78b2066e8",
"category": "hooking",
"api": "SetUnhandledExceptionFilter",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "ExceptionFilter",
"value": "0x7ff78b206cb0"
}
],
"repeated": 0,
"id": 11
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b20660e",
"parentcaller": "0x7ff78b20672d",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290add07000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 12
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b203f67",
"parentcaller": "0x7ff78b2040f8",
"category": "misc",
"api": "NtQuerySystemInformation",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SystemInformationClass",
"value": "164"
}
],
"repeated": 0,
"id": 13
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e06",
"parentcaller": "0x7ff78b2041be",
"category": "filesystem",
"api": "NtQueryAttributesFile",
"status": false,
"return": "0xffffffffc0000034",
"pretty_return": "OBJECT_NAME_NOT_FOUND",
"arguments": [
{
"name": "FileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll.manifest"
}
],
"repeated": 0,
"id": 14
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e63",
"parentcaller": "0x7ff78b2041be",
"category": "filesystem",
"api": "NtOpenFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000001dc"
},
{
"name": "DesiredAccess",
"value": "0x001200a9",
"pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
},
{
"name": "FileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll"
},
{
"name": "ShareAccess",
"value": "5",
"pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
}
],
"repeated": 0,
"id": 15
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e63",
"parentcaller": "0x7ff78b2041be",
"category": "process",
"api": "NtCreateSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x000001d8"
},
{
"name": "DesiredAccess",
"value": "0x00000004",
"pretty_value": "SECTION_MAP_READ"
},
{
"name": "ObjectAttributes",
"value": ""
},
{
"name": "FileHandle",
"value": "0x000001dc"
},
{
"name": "FileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll"
}
],
"repeated": 0,
"id": 16
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e63",
"parentcaller": "0x7ff78b2041be",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x40000003",
"arguments": [
{
"name": "SectionHandle",
"value": "0x000001d8"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290b19f0000"
},
{
"name": "SectionOffset",
"value": "0x00000000"
},
{
"name": "ViewSize",
"value": "0x000a8000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 17
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e63",
"parentcaller": "0x7ff78b2041be",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000001b8"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
}
],
"repeated": 0,
"id": 18
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e63",
"parentcaller": "0x7ff78b2041be",
"category": "registry",
"api": "NtQueryValueKey",
"status": false,
"return": "0xffffffffc0000034",
"pretty_return": "OBJECT_NAME_NOT_FOUND",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000001b8"
},
{
"name": "ValueName",
"value": "PreferExternalManifest"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
}
],
"repeated": 0,
"id": 19
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e63",
"parentcaller": "0x7ff78b2041be",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000001b8"
}
],
"repeated": 0,
"id": 20
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e63",
"parentcaller": "0x7ff78b2041be",
"category": "filesystem",
"api": "NtOpenFile",
"status": false,
"return": "0xffffffffc0000034",
"pretty_return": "OBJECT_NAME_NOT_FOUND",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000000"
},
{
"name": "DesiredAccess",
"value": "0x001200a9",
"pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
},
{
"name": "FileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll.123.Manifest"
},
{
"name": "ShareAccess",
"value": "5",
"pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
}
],
"repeated": 0,
"id": 21
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e63",
"parentcaller": "0x7ff78b2041be",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000001dc"
}
],
"repeated": 0,
"id": 22
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e63",
"parentcaller": "0x7ff78b2041be",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000001d8"
}
],
"repeated": 0,
"id": 23
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e63",
"parentcaller": "0x7ff78b2041be",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290b19f0000"
},
{
"name": "RegionSize",
"value": "0x000a8000"
}
],
"repeated": 0,
"id": 24
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e89",
"parentcaller": "0x7ff78b2041be",
"category": "filesystem",
"api": "NtOpenFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000001d8"
},
{
"name": "DesiredAccess",
"value": "0x001200a9",
"pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
},
{
"name": "FileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll"
},
{
"name": "ShareAccess",
"value": "5",
"pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
}
],
"repeated": 0,
"id": 25
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e89",
"parentcaller": "0x7ff78b2041be",
"category": "process",
"api": "NtCreateSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x000001dc"
},
{
"name": "DesiredAccess",
"value": "0x00000004",
"pretty_value": "SECTION_MAP_READ"
},
{
"name": "ObjectAttributes",
"value": ""
},
{
"name": "FileHandle",
"value": "0x000001d8"
},
{
"name": "FileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll"
}
],
"repeated": 0,
"id": 26
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e89",
"parentcaller": "0x7ff78b2041be",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x40000003",
"arguments": [
{
"name": "SectionHandle",
"value": "0x000001dc"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290b19f0000"
},
{
"name": "SectionOffset",
"value": "0x00000000"
},
{
"name": "ViewSize",
"value": "0x000a8000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 27
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e89",
"parentcaller": "0x7ff78b2041be",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000001b8"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
}
],
"repeated": 0,
"id": 28
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e89",
"parentcaller": "0x7ff78b2041be",
"category": "registry",
"api": "NtQueryValueKey",
"status": false,
"return": "0xffffffffc0000034",
"pretty_return": "OBJECT_NAME_NOT_FOUND",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000001b8"
},
{
"name": "ValueName",
"value": "PreferExternalManifest"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
}
],
"repeated": 0,
"id": 29
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e89",
"parentcaller": "0x7ff78b2041be",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000001b8"
}
],
"repeated": 0,
"id": 30
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e89",
"parentcaller": "0x7ff78b2041be",
"category": "filesystem",
"api": "NtOpenFile",
"status": false,
"return": "0xffffffffc0000034",
"pretty_return": "OBJECT_NAME_NOT_FOUND",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000000"
},
{
"name": "DesiredAccess",
"value": "0x001200a9",
"pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
},
{
"name": "FileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll.124.Manifest"
},
{
"name": "ShareAccess",
"value": "5",
"pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
}
],
"repeated": 0,
"id": 31
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e89",
"parentcaller": "0x7ff78b2041be",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000001d8"
}
],
"repeated": 0,
"id": 32
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e89",
"parentcaller": "0x7ff78b2041be",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000001dc"
}
],
"repeated": 0,
"id": 33
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205e89",
"parentcaller": "0x7ff78b2041be",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290b19f0000"
},
{
"name": "RegionSize",
"value": "0x000a8000"
}
],
"repeated": 0,
"id": 34
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205eaf",
"parentcaller": "0x7ff78b2041be",
"category": "filesystem",
"api": "NtOpenFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000001dc"
},
{
"name": "DesiredAccess",
"value": "0x001200a9",
"pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
},
{
"name": "FileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll"
},
{
"name": "ShareAccess",
"value": "5",
"pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
}
],
"repeated": 0,
"id": 35
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205eaf",
"parentcaller": "0x7ff78b2041be",
"category": "process",
"api": "NtCreateSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x000001d8"
},
{
"name": "DesiredAccess",
"value": "0x00000004",
"pretty_value": "SECTION_MAP_READ"
},
{
"name": "ObjectAttributes",
"value": ""
},
{
"name": "FileHandle",
"value": "0x000001dc"
},
{
"name": "FileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll"
}
],
"repeated": 0,
"id": 36
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205eaf",
"parentcaller": "0x7ff78b2041be",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x40000003",
"arguments": [
{
"name": "SectionHandle",
"value": "0x000001d8"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290b19f0000"
},
{
"name": "SectionOffset",
"value": "0x00000000"
},
{
"name": "ViewSize",
"value": "0x000a8000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 37
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205eaf",
"parentcaller": "0x7ff78b2041be",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000001b8"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
}
],
"repeated": 0,
"id": 38
},
{
"timestamp": "2026-03-05 09:07:17,010",
"thread_id": "160",
"caller": "0x7ff78b205eaf",
"parentcaller": "0x7ff78b2041be",
"category": "registry",
"api": "NtQueryValueKey",
"status": false,
"return": "0xffffffffc0000034",
"pretty_return": "OBJECT_NAME_NOT_FOUND",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000001b8"
},
{
"name": "ValueName",
"value": "PreferExternalManifest"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
}
],
"repeated": 0,
"id": 39
},
{
"timestamp": "2026-03-05 09:07:17,025",
"thread_id": "160",
"caller": "0x7ff78b205eaf",
"parentcaller": "0x7ff78b2041be",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000001b8"
}
],
"repeated": 0,
"id": 40
},
{
"timestamp": "2026-03-05 09:07:17,025",
"thread_id": "160",
"caller": "0x7ff78b205eaf",
"parentcaller": "0x7ff78b2041be",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000001dc"
}
],
"repeated": 0,
"id": 41
},
{
"timestamp": "2026-03-05 09:07:17,025",
"thread_id": "160",
"caller": "0x7ff78b205eaf",
"parentcaller": "0x7ff78b2041be",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000001d8"
}
],
"repeated": 0,
"id": 42
},
{
"timestamp": "2026-03-05 09:07:17,025",
"thread_id": "160",
"caller": "0x7ff78b205eaf",
"parentcaller": "0x7ff78b2041be",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290b19f0000"
},
{
"name": "RegionSize",
"value": "0x000a8000"
}
],
"repeated": 0,
"id": 43
},
{
"timestamp": "2026-03-05 09:07:17,025",
"thread_id": "160",
"caller": "0x7ff78b2062e5",
"parentcaller": "0x7ff78b2041c9",
"category": "process",
"api": "NtOpenProcessToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "DesiredAccess",
"value": "0x00000008"
},
{
"name": "TokenHandle",
"value": "0x000001d8"
}
],
"repeated": 0,
"id": 44
},
{
"timestamp": "2026-03-05 09:07:17,025",
"thread_id": "160",
"caller": "0x7ff78b206339",
"parentcaller": "0x7ff78b2041c9",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "18"
},
{
"name": "TokenInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 45
},
{
"timestamp": "2026-03-05 09:07:17,025",
"thread_id": "160",
"caller": "0x7ff78b206374",
"parentcaller": "0x7ff78b2041c9",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "20"
},
{
"name": "TokenInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 46
},
{
"timestamp": "2026-03-05 09:07:17,025",
"thread_id": "160",
"caller": "0x7ff78b2063ac",
"parentcaller": "0x7ff78b2041c9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000001d8"
}
],
"repeated": 0,
"id": 47
},
{
"timestamp": "2026-03-05 09:07:17,025",
"thread_id": "160",
"caller": "0x7ff78b203bfb",
"parentcaller": "0x7ff78b20420f",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\SYSTEM32\\WINHTTP"
},
{
"name": "DllBase",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 48
},
{
"timestamp": "2026-03-05 09:07:17,025",
"thread_id": "160",
"caller": "0x7ff78b203bfb",
"parentcaller": "0x7ff78b20420f",
"category": "system",
"api": "NtQuerySystemTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 9,
"id": 49
},
{
"timestamp": "2026-03-05 09:07:17,072",
"thread_id": "160",
"caller": "0x7ff78b203bfb",
"parentcaller": "0x7ff78b20420f",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177"
},
{
"name": "DllBase",
"value": "0x7ff9693c0000"
}
],
"repeated": 0,
"id": 50
},
{
"timestamp": "2026-03-05 09:07:17,150",
"thread_id": "160",
"caller": "0x7ff969438fc7",
"parentcaller": "0x7ff969438f0e",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "api-ms-win-core-synch-l1-2-0"
},
{
"name": "BaseAddress",
"value": "0x7ff97d6b0000"
}
],
"repeated": 0,
"id": 51
},
{
"timestamp": "2026-03-05 09:07:17,150",
"thread_id": "160",
"caller": "0x7ff969438fc7",
"parentcaller": "0x7ff969438dd1",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "api-ms-win-core-fibers-l1-1-1"
},
{
"name": "BaseAddress",
"value": "0x7ff97d6b0000"
}
],
"repeated": 0,
"id": 52
},
{
"timestamp": "2026-03-05 09:07:17,150",
"thread_id": "160",
"caller": "0x7ff969430aaa",
"parentcaller": "0x7ff9694304ce",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "api-ms-win-core-synch-l1-2-0"
},
{
"name": "BaseAddress",
"value": "0x7ff97d6b0000"
}
],
"repeated": 0,
"id": 53
},
{
"timestamp": "2026-03-05 09:07:17,150",
"thread_id": "160",
"caller": "0x7ff969430aaa",
"parentcaller": "0x7ff9694305aa",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "api-ms-win-core-localization-l1-2-1"
},
{
"name": "BaseAddress",
"value": "0x7ff97d6b0000"
}
],
"repeated": 0,
"id": 54
},
{
"timestamp": "2026-03-05 09:07:17,150",
"thread_id": "160",
"caller": "0x7ff969430aaa",
"parentcaller": "0x7ff9694302b8",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "kernel32"
},
{
"name": "BaseAddress",
"value": "0x7ff97eb60000"
}
],
"repeated": 0,
"id": 55
},
{
"timestamp": "2026-03-05 09:07:17,760",
"thread_id": "160",
"caller": "0x7ff969430aaa",
"parentcaller": "0x7ff9694302b8",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
},
{
"name": "DllBase",
"value": "0x7ff97b2e0000"
}
],
"repeated": 0,
"id": 56
},
{
"timestamp": "2026-03-05 09:07:17,791",
"thread_id": "160",
"caller": "0x7ff969430aaa",
"parentcaller": "0x7ff9694302b8",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\System32\\bcryptPrimitives"
},
{
"name": "DllBase",
"value": "0x7ff97dc80000"
}
],
"repeated": 0,
"id": 57
},
{
"timestamp": "2026-03-05 09:07:17,854",
"thread_id": "160",
"caller": "0x7ff9693c2d9e",
"parentcaller": "0x7ff969421d7b",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\uxtheme"
},
{
"name": "DllBase",
"value": "0x7ff97adb0000"
}
],
"repeated": 0,
"id": 58
},
{
"timestamp": "2026-03-05 09:07:17,869",
"thread_id": "160",
"caller": "0x7ff9693c2d9e",
"parentcaller": "0x7ff969421d7b",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\uxtheme.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff97adb0000"
}
],
"repeated": 0,
"id": 59
},
{
"timestamp": "2026-03-05 09:07:17,947",
"thread_id": "160",
"caller": "0x7ff9694260e6",
"parentcaller": "0x7ff96941f02b",
"category": "threading",
"api": "NtCreateThreadEx",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ThreadHandle",
"value": "0x000001ec"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "StartAddress",
"value": "0x7ff9694261c0"
},
{
"name": "Parameter",
"value": "0x290addb2e70"
},
{
"name": "CreateFlags",
"value": "0x00000001"
},
{
"name": "ThreadId",
"value": "2860"
},
{
"name": "ProcessId",
"value": "4596"
},
{
"name": "Module",
"value": "sample_from_94fc2177.dll"
}
],
"repeated": 0,
"id": 60
},
{
"timestamp": "2026-03-05 09:07:17,947",
"thread_id": "160",
"caller": "0x7ff78b203bfb",
"parentcaller": "0x7ff78b20420f",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff9693c0000"
}
],
"repeated": 0,
"id": 61
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b203bfb",
"parentcaller": "0x7ff78b20420f",
"category": "system",
"api": "LoadLibraryExW",
"status": true,
"return": "0x7ff9693c0000",
"arguments": [
{
"name": "lpLibFileName",
"value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll"
},
{
"name": "dwFlags",
"value": "0x00000008"
}
],
"repeated": 0,
"id": 62
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b203a5d",
"parentcaller": "0x7ff78b203cf4",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "sample_from_94fc2177.dll"
},
{
"name": "ModuleHandle",
"value": "0x7ff9693c0000"
},
{
"name": "FunctionName",
"value": ""
},
{
"name": "Ordinal",
"value": "1"
},
{
"name": "FunctionAddress",
"value": "0x7ff9693c80b0"
}
],
"repeated": 0,
"id": 63
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2064d2",
"parentcaller": "0x7ff78b2072a2",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff78b20e000"
},
{
"name": "ModuleName",
"value": "rundll32.exe"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 64
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2064d2",
"parentcaller": "0x7ff78b2072a2",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff78b20e000"
},
{
"name": "ModuleName",
"value": "rundll32.exe"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 65
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "misc",
"api": "FindResourceExW",
"status": true,
"return": "0x7ff78b20f2b8",
"arguments": [
{
"name": "Module",
"value": "0x7ff78b200000"
},
{
"name": "Type",
"value": "#14"
},
{
"name": "Name",
"value": "#100"
},
{
"name": "Language",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 66
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "misc",
"api": "LoadResource",
"status": true,
"return": "0x7ff78b215628",
"arguments": [
{
"name": "Module",
"value": "0x7ff78b200000"
},
{
"name": "ResourceInfo",
"value": "0x7ff78b20f2b8"
}
],
"repeated": 0,
"id": 67
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "misc",
"api": "FindResourceExW",
"status": true,
"return": "0x7ff78b20f298",
"arguments": [
{
"name": "Module",
"value": "0x7ff78b200000"
},
{
"name": "Type",
"value": "#3"
},
{
"name": "Name",
"value": "#7"
},
{
"name": "Language",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 68
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "misc",
"api": "LoadResource",
"status": true,
"return": "0x7ff78b214118",
"arguments": [
{
"name": "Module",
"value": "0x7ff78b200000"
},
{
"name": "ResourceInfo",
"value": "0x7ff78b20f298"
}
],
"repeated": 0,
"id": 69
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 70
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 71
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 72
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 73
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 74
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 75
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 76
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 77
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00002000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 78
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2061df",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00002000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 79
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2064d2",
"parentcaller": "0x7ff78b20760d",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff78b20e000"
},
{
"name": "ModuleName",
"value": "rundll32.exe"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 80
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2064d2",
"parentcaller": "0x7ff78b20760d",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff78b20e000"
},
{
"name": "ModuleName",
"value": "rundll32.exe"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 81
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2064d2",
"parentcaller": "0x7ff78b2073ee",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff78b20e000"
},
{
"name": "ModuleName",
"value": "rundll32.exe"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 82
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2064d2",
"parentcaller": "0x7ff78b2073ee",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff78b20e000"
},
{
"name": "ModuleName",
"value": "rundll32.exe"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 83
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2064d2",
"parentcaller": "0x7ff78b20754c",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff78b20e000"
},
{
"name": "ModuleName",
"value": "rundll32.exe"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 84
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b2064d2",
"parentcaller": "0x7ff78b20754c",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff78b20e000"
},
{
"name": "ModuleName",
"value": "rundll32.exe"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 85
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "system",
"api": "LdrGetDllHandle",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileName",
"value": "C:\\Windows\\system32\\rundll32.exe"
},
{
"name": "ModuleHandle",
"value": "0x7ff78b200000"
}
],
"repeated": 0,
"id": 86
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "misc",
"api": "FindResourceExW",
"status": true,
"return": "0x7ff78b20f2b8",
"arguments": [
{
"name": "Module",
"value": "0x7ff78b200000"
},
{
"name": "Type",
"value": "#14"
},
{
"name": "Name",
"value": "#100"
},
{
"name": "Language",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 87
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "misc",
"api": "LoadResource",
"status": true,
"return": "0x7ff78b215628",
"arguments": [
{
"name": "Module",
"value": "0x7ff78b200000"
},
{
"name": "ResourceInfo",
"value": "0x7ff78b20f2b8"
}
],
"repeated": 0,
"id": 88
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "misc",
"api": "FindResourceExW",
"status": true,
"return": "0x7ff78b20f2a8",
"arguments": [
{
"name": "Module",
"value": "0x7ff78b200000"
},
{
"name": "Type",
"value": "#3"
},
{
"name": "Name",
"value": "#8"
},
{
"name": "Language",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 89
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "misc",
"api": "LoadResource",
"status": true,
"return": "0x7ff78b2151c0",
"arguments": [
{
"name": "Module",
"value": "0x7ff78b200000"
},
{
"name": "ResourceInfo",
"value": "0x7ff78b20f2a8"
}
],
"repeated": 0,
"id": 90
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtSetInformationProcess",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessInformationClass",
"value": "93"
},
{
"name": "ProcessInformation",
"value": "\\x7f7\\x9e}"
}
],
"repeated": 0,
"id": 91
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtOpenSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x000000c0"
},
{
"name": "DesiredAccess",
"value": "0x0000000d"
},
{
"name": "ObjectAttributes",
"value": "MSCTF.dll"
}
],
"repeated": 0,
"id": 92
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x000000c0"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97ec20000"
},
{
"name": "SectionOffset",
"value": "0x00000000"
},
{
"name": "ViewSize",
"value": "0x00115000"
},
{
"name": "Win32Protect",
"value": "0x00000080",
"pretty_value": "PAGE_EXECUTE_WRITECOPY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 93
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97ed31000"
},
{
"name": "ModuleName",
"value": "MSCTF.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 94
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97ecfc000"
},
{
"name": "ModuleName",
"value": "MSCTF.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 95
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97ecfc000"
},
{
"name": "ModuleName",
"value": "MSCTF.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 96
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97ecfd000"
},
{
"name": "ModuleName",
"value": "MSCTF.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 97
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97ecfd000"
},
{
"name": "ModuleName",
"value": "MSCTF.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 98
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97ecfc000"
},
{
"name": "ModuleName",
"value": "MSCTF.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 99
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000000c0"
}
],
"repeated": 0,
"id": 100
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97ecfc000"
},
{
"name": "ModuleName",
"value": "MSCTF.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 101
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtSetInformationProcess",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessInformationClass",
"value": "35"
},
{
"name": "ProcessInformation",
"value": "\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00w\\x00s\\x00\\xb0\\xb8\\xd8\\xad\\x90\\x02\\x00\\x00\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00s\\x00e\\x00\\xf0\\xfd\\xd9\\xad\\x90\\x02\\x00\\x00X\r\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00p\\x00D\\x00\\x90\\xfd\\xd9\\xad\\x90\\x02\\x00\\x00\\x1c\\x15\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00T\\x00e\\x000\\xfd\\xd9\\xad\\x90\\x02\\x00\\x00h\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00U\\x00s\\x00\\xd0\\xfc\\xd9\\xad\\x90\\x02\\x00\\x00h\\x1a\\x00\\x00\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 102
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\System32\\MSCTF"
},
{
"name": "DllBase",
"value": "0x7ff97ec20000"
}
],
"repeated": 0,
"id": 103
},
{
"timestamp": "2026-03-05 09:07:17,963",
"thread_id": "2860",
"caller": "0x7ff97fd0eaa2",
"parentcaller": "0x7ff97fcc77c3",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000003c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 1,
"id": 104
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "system",
"api": "LdrpCallInitRoutine",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "MappedPath",
"value": "\\Device\\HarddiskVolume1\\Windows\\System32\\msctf"
},
{
"name": "BaseAddress",
"value": "0x7ff97ec20000"
},
{
"name": "InitRoutine",
"value": "0x7ff97ec609c0"
},
{
"name": "Reason",
"value": "1"
}
],
"repeated": 0,
"id": 105
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97fa59000"
},
{
"name": "ModuleName",
"value": "IMM32.DLL"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 106
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97fa59000"
},
{
"name": "ModuleName",
"value": "IMM32.DLL"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 107
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000208"
}
],
"repeated": 0,
"id": 108
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000020c"
}
],
"repeated": 0,
"id": 109
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97fa59000"
},
{
"name": "ModuleName",
"value": "IMM32.DLL"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 110
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97fa59000"
},
{
"name": "ModuleName",
"value": "IMM32.DLL"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 111
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 112
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff97dfe6000"
},
{
"name": "ModuleName",
"value": "GDI32.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 113
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000020c"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
}
],
"repeated": 0,
"id": 114
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "registry",
"api": "NtQueryValueKey",
"status": false,
"return": "0xffffffffc0000034",
"pretty_return": "OBJECT_NAME_NOT_FOUND",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000020c"
},
{
"name": "ValueName",
"value": "ru-RU"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
}
],
"repeated": 0,
"id": 115
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000020c"
}
],
"repeated": 0,
"id": 116
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000020c"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
}
],
"repeated": 0,
"id": 117
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "registry",
"api": "NtQueryValueKey",
"status": false,
"return": "0xffffffffc0000034",
"pretty_return": "OBJECT_NAME_NOT_FOUND",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000020c"
},
{
"name": "ValueName",
"value": "ru-RU"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
}
],
"repeated": 0,
"id": 118
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000020c"
}
],
"repeated": 0,
"id": 119
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b206282",
"parentcaller": "0x7ff78b2042b6",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "10"
},
{
"name": "TokenInformation",
"value": "\\xcbS*\\x01\\x00\\x00\\x00\\x00Xk\\x02\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xb5B(\\x01\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 120
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "process",
"api": "NtOpenSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x0000020c"
},
{
"name": "DesiredAccess",
"value": "0x00000004"
},
{
"name": "ObjectAttributes",
"value": "\\Sessions\\1\\Windows\\ThemeSection"
}
],
"repeated": 0,
"id": 121
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x0000020c"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290add70000"
},
{
"name": "SectionOffset",
"value": "0xc3e214e270"
},
{
"name": "ViewSize",
"value": "0x00001000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 122
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "process",
"api": "NtOpenSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x00000210"
},
{
"name": "DesiredAccess",
"value": "0x00000004"
},
{
"name": "ObjectAttributes",
"value": "\\Windows\\Theme1252737088"
}
],
"repeated": 0,
"id": 123
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "process",
"api": "NtOpenSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x00000214"
},
{
"name": "DesiredAccess",
"value": "0x00000004"
},
{
"name": "ObjectAttributes",
"value": "\\Sessions\\1\\Windows\\Theme396365851"
}
],
"repeated": 0,
"id": 124
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "process",
"api": "NtUnmapViewOfSectionEx",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290add70000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "Flags",
"value": "0"
}
],
"repeated": 0,
"id": 125
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000020c"
}
],
"repeated": 0,
"id": 126
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x00000210"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290b19f0000"
},
{
"name": "SectionOffset",
"value": "0xc3e214e990"
},
{
"name": "ViewSize",
"value": "0x000e2000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 127
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x00000214"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290add70000"
},
{
"name": "SectionOffset",
"value": "0xc3e214e990"
},
{
"name": "ViewSize",
"value": "0x00004000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 128
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "LdrGetDllHandle",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileName",
"value": "ntdll.dll"
},
{
"name": "ModuleHandle",
"value": "0x7ff97fcb0000"
}
],
"repeated": 0,
"id": 129
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "ntdll.dll"
},
{
"name": "ModuleHandle",
"value": "0x7ff97fcb0000"
},
{
"name": "FunctionName",
"value": "RtlRegisterFeatureConfigurationChangeNotification"
},
{
"name": "Ordinal",
"value": "0"
},
{
"name": "FunctionAddress",
"value": "0x7ff97fcb93b0"
}
],
"repeated": 0,
"id": 130
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "ntdll.dll"
},
{
"name": "ModuleHandle",
"value": "0x7ff97fcb0000"
},
{
"name": "FunctionName",
"value": "NtQueryWnfStateData"
},
{
"name": "Ordinal",
"value": "0"
},
{
"name": "FunctionAddress",
"value": "0x7ff97fd4fc40"
}
],
"repeated": 0,
"id": 131
},
{
"timestamp": "2026-03-05 09:07:17,979",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "ntdll.dll"
},
{
"name": "ModuleHandle",
"value": "0x7ff97fcb0000"
},
{
"name": "FunctionName",
"value": "RtlSubscribeWnfStateChangeNotification"
},
{
"name": "Ordinal",
"value": "0"
},
{
"name": "FunctionAddress",
"value": "0x7ff97fcf24a0"
}
],
"repeated": 0,
"id": 132
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "ntdll.dll"
},
{
"name": "ModuleHandle",
"value": "0x7ff97fcb0000"
},
{
"name": "FunctionName",
"value": "RtlDisownModuleHeapAllocation"
},
{
"name": "Ordinal",
"value": "0"
},
{
"name": "FunctionAddress",
"value": "0x7ff97fd2f9a0"
}
],
"repeated": 0,
"id": 133
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "ntdll.dll"
},
{
"name": "ModuleHandle",
"value": "0x7ff97fcb0000"
},
{
"name": "FunctionName",
"value": "RtlQueryFeatureConfiguration"
},
{
"name": "Ordinal",
"value": "0"
},
{
"name": "FunctionAddress",
"value": "0x7ff97fd0cbc0"
}
],
"repeated": 0,
"id": 134
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "ntdll.dll"
},
{
"name": "ModuleHandle",
"value": "0x7ff97fcb0000"
},
{
"name": "FunctionName",
"value": "RtlDllShutdownInProgress"
},
{
"name": "Ordinal",
"value": "0"
},
{
"name": "FunctionAddress",
"value": "0x7ff97fd13380"
}
],
"repeated": 0,
"id": 135
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "synchronization",
"api": "NtCreateMutant",
"status": true,
"return": "0x40000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000020c"
},
{
"name": "MutexName",
"value": "Local\\SM0:4596:304:WilStaging_02"
},
{
"name": "InitialOwner",
"value": "0"
}
],
"repeated": 0,
"id": 136
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000020c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 137
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 138
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000218"
},
{
"name": "Milliseconds",
"value": "0"
}
],
"repeated": 0,
"id": 139
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 140
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000021c"
},
{
"name": "Milliseconds",
"value": "0"
}
],
"repeated": 0,
"id": 141
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000021c"
}
],
"repeated": 0,
"id": 142
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000218"
}
],
"repeated": 0,
"id": 143
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "synchronization",
"api": "NtReleaseMutant",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000020c"
}
],
"repeated": 0,
"id": 144
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b20616d",
"parentcaller": "0x7ff78b206282",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000020c"
}
],
"repeated": 0,
"id": 145
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff78b203f67",
"parentcaller": "0x7ff78b203fb5",
"category": "misc",
"api": "NtQuerySystemInformation",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SystemInformationClass",
"value": "164"
}
],
"repeated": 0,
"id": 146
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 147
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "2860",
"caller": "0x7ff97fcbe715",
"parentcaller": "0x7ff97fcbe37b",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addbb000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 148
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "2860",
"caller": "0x7ff969439079",
"parentcaller": "0x7ff969438e63",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "KERNELBASE.dll"
},
{
"name": "ModuleHandle",
"value": "0x7ff97d6b0000"
},
{
"name": "FunctionName",
"value": "FlsGetValue"
},
{
"name": "Ordinal",
"value": "0"
},
{
"name": "FunctionAddress",
"value": "0x7ff97d6f9900"
}
],
"repeated": 0,
"id": 149
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "2860",
"caller": "0x7ff97fd24fed",
"parentcaller": "0x7ff97fd24bb3",
"category": "threading",
"api": "NtTestAlert",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 150
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "2860",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "threading",
"api": "RtlUserThreadStart",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "StartAddress",
"value": "0x7ff9694261c0"
},
{
"name": "Parameter",
"value": "0x290addb2e70"
}
],
"repeated": 0,
"id": 151
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "2860",
"caller": "0x7ff969430aaa",
"parentcaller": "0x7ff969430848",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "api-ms-win-appmodel-runtime-l1-1-2"
},
{
"name": "BaseAddress",
"value": "0x7ff97b2e0000"
}
],
"repeated": 0,
"id": 152
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "2860",
"caller": "0x7ff969430aaa",
"parentcaller": "0x7ff969430848",
"category": "system",
"api": "LoadLibraryExW",
"status": true,
"return": "0x7ff97b2e0000",
"arguments": [
{
"name": "lpLibFileName",
"value": "api-ms-win-appmodel-runtime-l1-1-2"
},
{
"name": "dwFlags",
"value": "0x00000800"
}
],
"repeated": 0,
"id": 153
},
{
"timestamp": "2026-03-05 09:07:17,994",
"thread_id": "2860",
"caller": "0x7ff969430b92",
"parentcaller": "0x7ff969430848",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "kernel.appcore.dll"
},
{
"name": "ModuleHandle",
"value": "0x7ff97b2e0000"
},
{
"name": "FunctionName",
"value": "AppPolicyGetThreadInitializationType"
},
{
"name": "Ordinal",
"value": "0"
},
{
"name": "FunctionAddress",
"value": "0x7ff97b2e3100"
}
],
"repeated": 0,
"id": 154
},
{
"timestamp": "2026-03-05 09:07:18,057",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 155
},
{
"timestamp": "2026-03-05 09:07:18,057",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 156
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 157
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 158
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "1944",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc4000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 159
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 160
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 161
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 162
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc5640",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 163
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290addc5960",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc5640"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 164
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\SYSTEM32\\webio"
},
{
"name": "DllBase",
"value": "0x7ff96b590000"
}
],
"repeated": 0,
"id": 165
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "1944",
"caller": "0x7ff97fd0eaa2",
"parentcaller": "0x7ff97fcc77c3",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000003c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 1,
"id": 166
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "1944",
"caller": "0x7ff97fd24fed",
"parentcaller": "0x7ff97fd24bb3",
"category": "threading",
"api": "NtTestAlert",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 167
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "1944",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "threading",
"api": "RtlUserThreadStart",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "StartAddress",
"value": "0x7ff97fd02b20"
},
{
"name": "Parameter",
"value": "0x290add80b50"
}
],
"repeated": 0,
"id": 168
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "1944",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000248"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000270"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 169
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "1944",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 170
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "1944",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000268"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 171
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "1944",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000268"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 172
},
{
"timestamp": "2026-03-05 09:07:18,072",
"thread_id": "1944",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000268"
}
],
"repeated": 0,
"id": 173
},
{
"timestamp": "2026-03-05 09:07:18,088",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtQuerySystemTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 1,
"id": 174
},
{
"timestamp": "2026-03-05 09:07:18,088",
"thread_id": "6560",
"caller": "0x7ff97fd0eaa2",
"parentcaller": "0x7ff97fcc77c3",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000003c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 175
},
{
"timestamp": "2026-03-05 09:07:18,088",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\mswsock.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff97cac0000"
}
],
"repeated": 0,
"id": 176
},
{
"timestamp": "2026-03-05 09:07:18,088",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\SYSTEM32\\IPHLPAPI"
},
{
"name": "DllBase",
"value": "0x7ff97c7b0000"
}
],
"repeated": 0,
"id": 177
},
{
"timestamp": "2026-03-05 09:07:18,088",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtQuerySystemTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 1,
"id": 178
},
{
"timestamp": "2026-03-05 09:07:18,213",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 179
},
{
"timestamp": "2026-03-05 09:07:18,213",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\System32\\NSI"
},
{
"name": "DllBase",
"value": "0x7ff97f3d0000"
}
],
"repeated": 0,
"id": 180
},
{
"timestamp": "2026-03-05 09:07:18,213",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\SYSTEM32\\WINNSI"
},
{
"name": "DllBase",
"value": "0x7ff976120000"
}
],
"repeated": 0,
"id": 181
},
{
"timestamp": "2026-03-05 09:07:18,229",
"thread_id": "6560",
"caller": "0x7ff97d70028c",
"parentcaller": "0x7ff97ea64b63",
"category": "system",
"api": "NtDuplicateObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SourceProcessHandle",
"value": "0xffffffff"
},
{
"name": "SourceHandle",
"value": "0xfffffffe"
},
{
"name": "TargetProcessHandle",
"value": "0xffffffff"
},
{
"name": "TargetHandle",
"value": "0x00000288"
},
{
"name": "Options",
"value": "0x00000002"
}
],
"repeated": 0,
"id": 182
},
{
"timestamp": "2026-03-05 09:07:18,229",
"thread_id": "6560",
"caller": "0x7ff97fcbe715",
"parentcaller": "0x7ff97fcbe37b",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290adddd000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 183
},
{
"timestamp": "2026-03-05 09:07:18,229",
"thread_id": "6560",
"caller": "0x7ff97fcbe715",
"parentcaller": "0x7ff97fcbe37b",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addde000"
},
{
"name": "RegionSize",
"value": "0x00002000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 184
},
{
"timestamp": "2026-03-05 09:07:18,229",
"thread_id": "6560",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 185
},
{
"timestamp": "2026-03-05 09:07:18,244",
"thread_id": "1944",
"caller": "0x7ff97d70028c",
"parentcaller": "0x7ff97ea64b63",
"category": "system",
"api": "NtDuplicateObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SourceProcessHandle",
"value": "0xffffffff"
},
{
"name": "SourceHandle",
"value": "0xfffffffe"
},
{
"name": "TargetProcessHandle",
"value": "0xffffffff"
},
{
"name": "TargetHandle",
"value": "0x00000294"
},
{
"name": "Options",
"value": "0x00000002"
}
],
"repeated": 0,
"id": 186
},
{
"timestamp": "2026-03-05 09:07:18,338",
"thread_id": "1944",
"caller": "0x7ff97fcf7870",
"parentcaller": "0x7ff97fce20f9",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff9750c1000"
},
{
"name": "ModuleName",
"value": "WINHTTP.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 187
},
{
"timestamp": "2026-03-05 09:07:18,338",
"thread_id": "1944",
"caller": "0x7ff97fcf78c1",
"parentcaller": "0x7ff97fce20f9",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff9750c1000"
},
{
"name": "ModuleName",
"value": "WINHTTP.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 188
},
{
"timestamp": "2026-03-05 09:07:18,338",
"thread_id": "1944",
"caller": "0x7ff974fff9ba",
"parentcaller": "0x7ff974fff86d",
"category": "services",
"api": "OpenSCManagerW",
"status": true,
"return": "0x290adde4fc0",
"arguments": [
{
"name": "MachineName",
"value": ""
},
{
"name": "DatabaseName",
"value": ""
},
{
"name": "DesiredAccess",
"value": "0x00000001",
"pretty_value": "SC_MANAGER_CONNECT"
}
],
"repeated": 0,
"id": 189
},
{
"timestamp": "2026-03-05 09:07:18,338",
"thread_id": "1944",
"caller": "0x7ff974fff9e2",
"parentcaller": "0x7ff974fff86d",
"category": "services",
"api": "OpenServiceW",
"status": true,
"return": "0x290adde4cc0",
"arguments": [
{
"name": "ServiceControlManager",
"value": "0x290adde4fc0"
},
{
"name": "ServiceName",
"value": "WinHttpAutoProxySvc"
},
{
"name": "DesiredAccess",
"value": "0x00000094",
"pretty_value": "SERVICE_QUERY_STATUS|SERVICE_START|SERVICE_INTERROGATE"
}
],
"repeated": 0,
"id": 190
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97fcf7870",
"parentcaller": "0x7ff97fce20f9",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff9750c1000"
},
{
"name": "ModuleName",
"value": "WINHTTP.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 191
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97fcf78c1",
"parentcaller": "0x7ff97fce20f9",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff9750c1000"
},
{
"name": "ModuleName",
"value": "WINHTTP.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 192
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6e3b98",
"parentcaller": "0x7ff97d6f0922",
"category": "registry",
"api": "NtQueryValueKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000084"
},
{
"name": "ValueName",
"value": "000603xx"
},
{
"name": "Type",
"value": "1",
"pretty_value": "REG_SZ"
},
{
"name": "Information",
"value": "kernel32.dll"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
}
],
"repeated": 0,
"id": 193
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6dae52",
"parentcaller": "0x7ff97d6f06f8",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "kernel32.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff97eb60000"
}
],
"repeated": 0,
"id": 194
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6dae52",
"parentcaller": "0x7ff97d6f06f8",
"category": "system",
"api": "LoadLibraryExW",
"status": true,
"return": "0x7ff97eb60000",
"arguments": [
{
"name": "lpLibFileName",
"value": "kernel32.dll"
},
{
"name": "dwFlags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 195
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6f0821",
"parentcaller": "0x7ff97d6f0713",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "KERNEL32.DLL"
},
{
"name": "ModuleHandle",
"value": "0x7ff97eb60000"
},
{
"name": "FunctionName",
"value": "SortGetHandle"
},
{
"name": "Ordinal",
"value": "0"
},
{
"name": "FunctionAddress",
"value": "0x7ff97eb6a190"
}
],
"repeated": 0,
"id": 196
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6f0821",
"parentcaller": "0x7ff97d6f072a",
"category": "system",
"api": "LdrGetProcedureAddressForCaller",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ModuleName",
"value": "KERNEL32.DLL"
},
{
"name": "ModuleHandle",
"value": "0x7ff97eb60000"
},
{
"name": "FunctionName",
"value": "SortCloseHandle"
},
{
"name": "Ordinal",
"value": "0"
},
{
"name": "FunctionAddress",
"value": "0x7ff97eb7fe60"
}
],
"repeated": 0,
"id": 197
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6da070",
"parentcaller": "0x7ff97d6d9d96",
"category": "filesystem",
"api": "NtCreateFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000304"
},
{
"name": "DesiredAccess",
"value": "0x80100080",
"pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
},
{
"name": "FileName",
"value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
},
{
"name": "CreateDisposition",
"value": "1",
"pretty_value": "FILE_OPEN"
},
{
"name": "ShareAccess",
"value": "1",
"pretty_value": "FILE_SHARE_READ"
},
{
"name": "FileAttributes",
"value": "0x00000080",
"pretty_value": "FILE_ATTRIBUTE_NORMAL"
},
{
"name": "ExistedBefore",
"value": "yes"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 198
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6e1e71",
"parentcaller": "0x7ff97d6e22f0",
"category": "process",
"api": "NtCreateSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x00000308"
},
{
"name": "DesiredAccess",
"value": "0x000f0005",
"pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
},
{
"name": "ObjectAttributes",
"value": ""
},
{
"name": "FileHandle",
"value": "0x00000304"
},
{
"name": "FileName",
"value": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
}
],
"repeated": 0,
"id": 199
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d7147e6",
"parentcaller": "0x7ff97d7146be",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x00000308"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290b1b70000"
},
{
"name": "SectionOffset",
"value": "0xc3e277ef20"
},
{
"name": "ViewSize",
"value": "0x00338000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 200
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97eb6b8d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000308"
}
],
"repeated": 0,
"id": 201
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97eb6b8e1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000304"
}
],
"repeated": 0,
"id": 202
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97eb6b459",
"parentcaller": "0x7ff97eb6a643",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000304"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
}
],
"repeated": 0,
"id": 203
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6e1fae",
"parentcaller": "0x7ff97f996d14",
"category": "threading",
"api": "NtOpenThread",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ThreadHandle",
"value": "0x00000308"
},
{
"name": "DesiredAccess",
"value": "0x00100010",
"pretty_value": "THREAD_SET_CONTEXT|0x00100000"
},
{
"name": "ProcessId",
"value": "4596"
},
{
"name": "ThreadId",
"value": "18446744073214096952"
}
],
"repeated": 0,
"id": 204
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "6560",
"caller": "0x7ff97f996a43",
"parentcaller": "0x7ff97fd12d39",
"category": "threading",
"api": "NtQueueApcThread",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessId",
"value": "4596"
},
{
"name": "ThreadId",
"value": "1944"
},
{
"name": "ThreadHandle",
"value": "0x00000308"
},
{
"name": "ApcRoutine",
"value": "0x7ff97f99de70"
},
{
"name": "Module",
"value": "sechost.dll"
}
],
"repeated": 0,
"id": 205
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97fcf7870",
"parentcaller": "0x7ff97fce20f9",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff9750c1000"
},
{
"name": "ModuleName",
"value": "WINHTTP.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "OldAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 206
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97fcf78c1",
"parentcaller": "0x7ff97fce20f9",
"category": "process",
"api": "NtProtectVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x7ff9750c1000"
},
{
"name": "ModuleName",
"value": "WINHTTP.dll"
},
{
"name": "NumberOfBytesProtected",
"value": "0x00001000"
},
{
"name": "MemoryType",
"value": "0x00000000"
},
{
"name": "NewAccessProtection",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "OldAccessProtection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 207
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff97f9986b9",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 208
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff97f9986b9",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000308"
},
{
"name": "Milliseconds",
"value": "0"
}
],
"repeated": 0,
"id": 209
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6f96de",
"parentcaller": "0x7ff97f9986e6",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "250"
}
],
"repeated": 0,
"id": 210
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fff923",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000300"
}
],
"repeated": 0,
"id": 211
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97fcbe715",
"parentcaller": "0x7ff97fcbe37b",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addfa000"
},
{
"name": "RegionSize",
"value": "0x00002000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 212
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 213
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 214
},
{
"timestamp": "2026-03-05 09:07:18,354",
"thread_id": "1944",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 215
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000300"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 216
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000030c"
}
],
"repeated": 0,
"id": 217
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000310"
}
],
"repeated": 0,
"id": 218
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f8"
}
],
"repeated": 0,
"id": 219
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f4"
}
],
"repeated": 0,
"id": 220
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000300"
}
],
"repeated": 0,
"id": 221
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000308"
}
],
"repeated": 0,
"id": 222
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97fcbe715",
"parentcaller": "0x7ff97fcbe37b",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addfc000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 223
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97d6f2bac",
"parentcaller": "0x7ff97d6f29ab",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000308"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Codepage"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Codepage"
}
],
"repeated": 0,
"id": 224
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97d6e3b98",
"parentcaller": "0x7ff97d6f29e9",
"category": "registry",
"api": "NtQueryValueKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000308"
},
{
"name": "ValueName",
"value": "1252"
},
{
"name": "Type",
"value": "1",
"pretty_value": "REG_SZ"
},
{
"name": "Information",
"value": "c_1252.nls"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1252"
}
],
"repeated": 0,
"id": 225
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97d6dc045",
"parentcaller": "0x7ff97d6f3e96",
"category": "filesystem",
"api": "NtQueryAttributesFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileName",
"value": "C:\\Windows\\System32\\C_1252.NLS"
}
],
"repeated": 0,
"id": 226
},
{
"timestamp": "2026-03-05 09:07:18,369",
"thread_id": "1944",
"caller": "0x7ff97fcbe715",
"parentcaller": "0x7ff97fcbe37b",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addff000"
},
{
"name": "RegionSize",
"value": "0x00005000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 227
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97d6dae52",
"parentcaller": "0x7ff97dd12f9c",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\mswsock.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff97cac0000"
}
],
"repeated": 0,
"id": 228
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97d6dae52",
"parentcaller": "0x7ff97dd12f9c",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000310",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "784"
}
],
"repeated": 0,
"id": 229
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "784"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 230
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "784"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 231
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "784"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 232
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff97dd19653",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 233
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff97dd19653",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000022c"
},
{
"name": "Milliseconds",
"value": "0"
}
],
"repeated": 0,
"id": 234
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcbe715",
"parentcaller": "0x7ff97fcbe37b",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade04000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 235
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff97dd19653",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 236
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff97dd19653",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000022c"
},
{
"name": "Milliseconds",
"value": "0"
}
],
"repeated": 0,
"id": 237
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97dd20ed8",
"parentcaller": "0x7ff97dd20d4d",
"category": "system",
"api": "LoadLibraryExW",
"status": true,
"return": "0x7ff97cac0000",
"arguments": [
{
"name": "lpLibFileName",
"value": "C:\\Windows\\System32\\mswsock.dll"
},
{
"name": "dwFlags",
"value": "0x00000022"
}
],
"repeated": 0,
"id": 238
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fce84c4",
"parentcaller": "0x7ff97fcfd176",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000030c"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
}
],
"repeated": 0,
"id": 239
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fdca37d",
"parentcaller": "0x7ff97fd64a40",
"category": "registry",
"api": "NtQueryValueKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000030c"
},
{
"name": "ValueName",
"value": "Latest"
},
{
"name": "Type",
"value": "1",
"pretty_value": "REG_SZ"
},
{
"name": "Information",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
}
],
"repeated": 0,
"id": 240
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fd64a96",
"parentcaller": "0x7ff97fcfd176",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000030c"
}
],
"repeated": 0,
"id": 241
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbb6a",
"parentcaller": "0x7ff97fcfb9de",
"category": "filesystem",
"api": "NtOpenFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000030c"
},
{
"name": "DesiredAccess",
"value": "0x00100001",
"pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
},
{
"name": "FileName",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\mswsock.dll.mui"
},
{
"name": "ShareAccess",
"value": "5",
"pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
}
],
"repeated": 0,
"id": 242
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbbc2",
"parentcaller": "0x7ff97fcfb9de",
"category": "process",
"api": "NtCreateSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x00000318"
},
{
"name": "DesiredAccess",
"value": "0x000f0005",
"pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
},
{
"name": "ObjectAttributes",
"value": ""
},
{
"name": "FileHandle",
"value": "0x0000030c"
},
{
"name": "FileName",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\mswsock.dll.mui"
}
],
"repeated": 0,
"id": 243
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbc0c",
"parentcaller": "0x7ff97fcfb9de",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x00000318"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af780000"
},
{
"name": "SectionOffset",
"value": "0xc3e277cfa0"
},
{
"name": "ViewSize",
"value": "0x00006000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 244
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbc1c",
"parentcaller": "0x7ff97fcfb9de",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 245
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97dd20ed8",
"parentcaller": "0x7ff97dd20d4d",
"category": "system",
"api": "LoadLibraryExW",
"status": true,
"return": "0x7ff97cac0000",
"arguments": [
{
"name": "lpLibFileName",
"value": "C:\\Windows\\System32\\mswsock.dll"
},
{
"name": "dwFlags",
"value": "0x00000022"
}
],
"repeated": 4,
"id": 246
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97dd20ed8",
"parentcaller": "0x7ff97dd20d4d",
"category": "system",
"api": "LoadLibraryExW",
"status": true,
"return": "0x290af7a0002",
"arguments": [
{
"name": "lpLibFileName",
"value": "C:\\Windows\\System32\\wshqos.dll"
},
{
"name": "dwFlags",
"value": "0x00000022"
}
],
"repeated": 0,
"id": 247
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fce84c4",
"parentcaller": "0x7ff97fcfd176",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000318"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
}
],
"repeated": 0,
"id": 248
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fdca37d",
"parentcaller": "0x7ff97fd64a40",
"category": "registry",
"api": "NtQueryValueKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000318"
},
{
"name": "ValueName",
"value": "Latest"
},
{
"name": "Type",
"value": "1",
"pretty_value": "REG_SZ"
},
{
"name": "Information",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
}
],
"repeated": 0,
"id": 249
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fd64a96",
"parentcaller": "0x7ff97fcfd176",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 250
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbb6a",
"parentcaller": "0x7ff97fcfb9de",
"category": "filesystem",
"api": "NtOpenFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000318"
},
{
"name": "DesiredAccess",
"value": "0x00100001",
"pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
},
{
"name": "FileName",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\wshqos.dll.mui"
},
{
"name": "ShareAccess",
"value": "5",
"pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
}
],
"repeated": 0,
"id": 251
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbbc2",
"parentcaller": "0x7ff97fcfb9de",
"category": "process",
"api": "NtCreateSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x0000031c"
},
{
"name": "DesiredAccess",
"value": "0x000f0005",
"pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
},
{
"name": "ObjectAttributes",
"value": ""
},
{
"name": "FileHandle",
"value": "0x00000318"
},
{
"name": "FileName",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\wshqos.dll.mui"
}
],
"repeated": 0,
"id": 252
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbc0c",
"parentcaller": "0x7ff97fcfb9de",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x0000031c"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7b0000"
},
{
"name": "SectionOffset",
"value": "0xc3e277cfa0"
},
{
"name": "ViewSize",
"value": "0x00004000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 253
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbc1c",
"parentcaller": "0x7ff97fcfb9de",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 254
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fd1a7e1",
"parentcaller": "0x7ff97d6c5e19",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7b0000"
},
{
"name": "RegionSize",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 255
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fd1a7ef",
"parentcaller": "0x7ff97d6c5e19",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 256
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97d6c5e4e",
"parentcaller": "0x7ff97dd20f45",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7a0000"
},
{
"name": "RegionSize",
"value": "0x0000a000"
}
],
"repeated": 0,
"id": 257
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97dd20ed8",
"parentcaller": "0x7ff97dd20d4d",
"category": "system",
"api": "LoadLibraryExW",
"status": true,
"return": "0x290af7a0002",
"arguments": [
{
"name": "lpLibFileName",
"value": "C:\\Windows\\System32\\wshqos.dll"
},
{
"name": "dwFlags",
"value": "0x00000022"
}
],
"repeated": 0,
"id": 258
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fce84c4",
"parentcaller": "0x7ff97fcfd176",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000318"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
}
],
"repeated": 0,
"id": 259
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fdca37d",
"parentcaller": "0x7ff97fd64a40",
"category": "registry",
"api": "NtQueryValueKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000318"
},
{
"name": "ValueName",
"value": "Latest"
},
{
"name": "Type",
"value": "1",
"pretty_value": "REG_SZ"
},
{
"name": "Information",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
}
],
"repeated": 0,
"id": 260
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fd64a96",
"parentcaller": "0x7ff97fcfd176",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 261
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbb6a",
"parentcaller": "0x7ff97fcfb9de",
"category": "filesystem",
"api": "NtOpenFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000318"
},
{
"name": "DesiredAccess",
"value": "0x00100001",
"pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
},
{
"name": "FileName",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\wshqos.dll.mui"
},
{
"name": "ShareAccess",
"value": "5",
"pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
}
],
"repeated": 0,
"id": 262
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbbc2",
"parentcaller": "0x7ff97fcfb9de",
"category": "process",
"api": "NtCreateSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x0000031c"
},
{
"name": "DesiredAccess",
"value": "0x000f0005",
"pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
},
{
"name": "ObjectAttributes",
"value": ""
},
{
"name": "FileHandle",
"value": "0x00000318"
},
{
"name": "FileName",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\wshqos.dll.mui"
}
],
"repeated": 0,
"id": 263
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbc0c",
"parentcaller": "0x7ff97fcfb9de",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x0000031c"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7b0000"
},
{
"name": "SectionOffset",
"value": "0xc3e277cfa0"
},
{
"name": "ViewSize",
"value": "0x00004000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 264
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbc1c",
"parentcaller": "0x7ff97fcfb9de",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 265
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fd1a7e1",
"parentcaller": "0x7ff97d6c5e19",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7b0000"
},
{
"name": "RegionSize",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 266
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fd1a7ef",
"parentcaller": "0x7ff97d6c5e19",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 267
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97d6c5e4e",
"parentcaller": "0x7ff97dd20f45",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7a0000"
},
{
"name": "RegionSize",
"value": "0x0000a000"
}
],
"repeated": 0,
"id": 268
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97dd20ed8",
"parentcaller": "0x7ff97dd20d4d",
"category": "system",
"api": "LoadLibraryExW",
"status": true,
"return": "0x290af7a0002",
"arguments": [
{
"name": "lpLibFileName",
"value": "C:\\Windows\\System32\\wshqos.dll"
},
{
"name": "dwFlags",
"value": "0x00000022"
}
],
"repeated": 0,
"id": 269
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fce84c4",
"parentcaller": "0x7ff97fcfd176",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000318"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
}
],
"repeated": 0,
"id": 270
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fdca37d",
"parentcaller": "0x7ff97fd64a40",
"category": "registry",
"api": "NtQueryValueKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000318"
},
{
"name": "ValueName",
"value": "Latest"
},
{
"name": "Type",
"value": "1",
"pretty_value": "REG_SZ"
},
{
"name": "Information",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
}
],
"repeated": 0,
"id": 271
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fd64a96",
"parentcaller": "0x7ff97fcfd176",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 272
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbb6a",
"parentcaller": "0x7ff97fcfb9de",
"category": "filesystem",
"api": "NtOpenFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000318"
},
{
"name": "DesiredAccess",
"value": "0x00100001",
"pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
},
{
"name": "FileName",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\wshqos.dll.mui"
},
{
"name": "ShareAccess",
"value": "5",
"pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
}
],
"repeated": 0,
"id": 273
},
{
"timestamp": "2026-03-05 09:07:18,400",
"thread_id": "1944",
"caller": "0x7ff97fcfbbc2",
"parentcaller": "0x7ff97fcfb9de",
"category": "process",
"api": "NtCreateSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x0000031c"
},
{
"name": "DesiredAccess",
"value": "0x000f0005",
"pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
},
{
"name": "ObjectAttributes",
"value": ""
},
{
"name": "FileHandle",
"value": "0x00000318"
},
{
"name": "FileName",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\wshqos.dll.mui"
}
],
"repeated": 0,
"id": 274
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fcfbc0c",
"parentcaller": "0x7ff97fcfb9de",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x0000031c"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7b0000"
},
{
"name": "SectionOffset",
"value": "0xc3e277cfa0"
},
{
"name": "ViewSize",
"value": "0x00004000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 275
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fcfbc1c",
"parentcaller": "0x7ff97fcfb9de",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 276
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fd1a7e1",
"parentcaller": "0x7ff97d6c5e19",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7b0000"
},
{
"name": "RegionSize",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 277
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fd1a7ef",
"parentcaller": "0x7ff97d6c5e19",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 278
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97d6c5e4e",
"parentcaller": "0x7ff97dd20f45",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7a0000"
},
{
"name": "RegionSize",
"value": "0x0000a000"
}
],
"repeated": 0,
"id": 279
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97dd20ed8",
"parentcaller": "0x7ff97dd20d4d",
"category": "system",
"api": "LoadLibraryExW",
"status": true,
"return": "0x290af7a0002",
"arguments": [
{
"name": "lpLibFileName",
"value": "C:\\Windows\\System32\\wshqos.dll"
},
{
"name": "dwFlags",
"value": "0x00000022"
}
],
"repeated": 0,
"id": 280
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fce84c4",
"parentcaller": "0x7ff97fcfd176",
"category": "registry",
"api": "NtOpenKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000318"
},
{
"name": "DesiredAccess",
"value": "0x00020019",
"pretty_value": "KEY_READ"
},
{
"name": "ObjectAttributesHandle",
"value": "0x00000000"
},
{
"name": "ObjectAttributesName",
"value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
}
],
"repeated": 0,
"id": 281
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fdca37d",
"parentcaller": "0x7ff97fd64a40",
"category": "registry",
"api": "NtQueryValueKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000318"
},
{
"name": "ValueName",
"value": "Latest"
},
{
"name": "Type",
"value": "1",
"pretty_value": "REG_SZ"
},
{
"name": "Information",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
}
],
"repeated": 0,
"id": 282
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fd64a96",
"parentcaller": "0x7ff97fcfd176",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 283
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fcfbb6a",
"parentcaller": "0x7ff97fcfb9de",
"category": "filesystem",
"api": "NtOpenFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000318"
},
{
"name": "DesiredAccess",
"value": "0x00100001",
"pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
},
{
"name": "FileName",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\wshqos.dll.mui"
},
{
"name": "ShareAccess",
"value": "5",
"pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
}
],
"repeated": 0,
"id": 284
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fcfbbc2",
"parentcaller": "0x7ff97fcfb9de",
"category": "process",
"api": "NtCreateSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x0000031c"
},
{
"name": "DesiredAccess",
"value": "0x000f0005",
"pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
},
{
"name": "ObjectAttributes",
"value": ""
},
{
"name": "FileHandle",
"value": "0x00000318"
},
{
"name": "FileName",
"value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\wshqos.dll.mui"
}
],
"repeated": 0,
"id": 285
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fcfbc0c",
"parentcaller": "0x7ff97fcfb9de",
"category": "process",
"api": "NtMapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SectionHandle",
"value": "0x0000031c"
},
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7b0000"
},
{
"name": "SectionOffset",
"value": "0xc3e277cfa0"
},
{
"name": "ViewSize",
"value": "0x00004000"
},
{
"name": "Win32Protect",
"value": "0x00000002",
"pretty_value": "PAGE_READONLY"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 286
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fcfbc1c",
"parentcaller": "0x7ff97fcfb9de",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 287
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fd1a7e1",
"parentcaller": "0x7ff97d6c5e19",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7b0000"
},
{
"name": "RegionSize",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 288
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fd1a7ef",
"parentcaller": "0x7ff97d6c5e19",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 289
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97d6c5e4e",
"parentcaller": "0x7ff97dd20f45",
"category": "process",
"api": "NtUnmapViewOfSection",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290af7a0000"
},
{
"name": "RegionSize",
"value": "0x0000a000"
}
],
"repeated": 0,
"id": 290
},
{
"timestamp": "2026-03-05 09:07:18,416",
"thread_id": "1944",
"caller": "0x7ff97fcbe715",
"parentcaller": "0x7ff97fcbe37b",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade07000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 291
},
{
"timestamp": "2026-03-05 09:07:18,463",
"thread_id": "1944",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000310"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 292
},
{
"timestamp": "2026-03-05 09:07:18,463",
"thread_id": "1944",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000310"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08l\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 293
},
{
"timestamp": "2026-03-05 09:07:18,463",
"thread_id": "1944",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "784"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 294
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc5960"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 295
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 296
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 297
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002e8"
}
],
"repeated": 0,
"id": 298
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "784"
}
],
"repeated": 0,
"id": 299
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000228"
}
],
"repeated": 0,
"id": 300
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 301
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 302
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
}
],
"repeated": 0,
"id": 303
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000248"
}
],
"repeated": 0,
"id": 304
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 305
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 306
},
{
"timestamp": "2026-03-05 09:07:20,619",
"thread_id": "1944",
"caller": "0x7ff97d6f96de",
"parentcaller": "0x7ff974fd48c5",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "30000"
}
],
"repeated": 0,
"id": 307
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 308
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 309
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 310
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 311
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 312
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 313
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 314
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addf5150",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 315
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290addc4a70",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addf5150"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 316
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x000002f0"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000248"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 317
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 318
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff97d6defbc",
"parentcaller": "0x7ff97d6db8e6",
"category": "misc",
"api": "RtlSetCurrentTransaction",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "TransactionHandle",
"value": "0x00000000"
}
],
"repeated": 1,
"id": 319
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff97d6dfd74",
"parentcaller": "0x7ff97d6dc30b",
"category": "registry",
"api": "NtQueryKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000000c8"
},
{
"name": "KeyInformation",
"value": "\\x00\\x00\\x00\\x00"
},
{
"name": "KeyInformationClass",
"value": "7"
}
],
"repeated": 0,
"id": 320
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff97d6dc34e",
"parentcaller": "0x7ff97d6dbd0f",
"category": "registry",
"api": "NtCreateKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000024c"
},
{
"name": "DesiredAccess",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "ObjectAttributesHandle",
"value": "0x000000c8"
},
{
"name": "ObjectAttributesName",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "ObjectAttributes",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 321
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000024c"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 322
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
}
],
"repeated": 0,
"id": 323
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97fd24fed",
"parentcaller": "0x7ff97fd24bb3",
"category": "threading",
"api": "NtTestAlert",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 324
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "threading",
"api": "RtlUserThreadStart",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "StartAddress",
"value": "0x7ff97fd02b20"
},
{
"name": "Parameter",
"value": "0x290add80b50"
}
],
"repeated": 0,
"id": 325
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97d70028c",
"parentcaller": "0x7ff97ea64b63",
"category": "system",
"api": "NtDuplicateObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SourceProcessHandle",
"value": "0xffffffff"
},
{
"name": "SourceHandle",
"value": "0xfffffffe"
},
{
"name": "TargetProcessHandle",
"value": "0xffffffff"
},
{
"name": "TargetHandle",
"value": "0x00000350"
},
{
"name": "Options",
"value": "0x00000002"
}
],
"repeated": 0,
"id": 326
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 327
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 328
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 329
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 330
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000228"
}
],
"repeated": 0,
"id": 331
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
}
],
"repeated": 0,
"id": 332
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000344"
}
],
"repeated": 0,
"id": 333
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
}
],
"repeated": 0,
"id": 334
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 335
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff97fcbe715",
"parentcaller": "0x7ff97fcbe37b",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade0c000"
},
{
"name": "RegionSize",
"value": "0x00005000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 336
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000278",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "632"
}
],
"repeated": 0,
"id": 337
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "632"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 338
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "632"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 339
},
{
"timestamp": "2026-03-05 09:07:21,635",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "632"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 340
},
{
"timestamp": "2026-03-05 09:07:21,650",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000278"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 341
},
{
"timestamp": "2026-03-05 09:07:21,650",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000278"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8w\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 342
},
{
"timestamp": "2026-03-05 09:07:21,650",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "632"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 343
},
{
"timestamp": "2026-03-05 09:07:23,010",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 344
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc4a70"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 345
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 346
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000338"
}
],
"repeated": 0,
"id": 347
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 348
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "632"
}
],
"repeated": 0,
"id": 349
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 350
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000328"
}
],
"repeated": 0,
"id": 351
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000248"
}
],
"repeated": 0,
"id": 352
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 353
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 354
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 355
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
}
],
"repeated": 0,
"id": 356
},
{
"timestamp": "2026-03-05 09:07:23,791",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
}
],
"repeated": 0,
"id": 357
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 358
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 359
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 360
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 361
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000330"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x0000031c"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 362
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 363
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 364
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000320"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 365
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000320"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 366
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 367
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 368
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290addc4a70",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 369
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 370
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 371
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 372
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
}
],
"repeated": 0,
"id": 373
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000344"
}
],
"repeated": 0,
"id": 374
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000338"
}
],
"repeated": 0,
"id": 375
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 376
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 377
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 378
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000348",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "840"
}
],
"repeated": 0,
"id": 379
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 380
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 381
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 382
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000348"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 383
},
{
"timestamp": "2026-03-05 09:07:24,807",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000348"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08l\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 384
},
{
"timestamp": "2026-03-05 09:07:24,822",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 385
},
{
"timestamp": "2026-03-05 09:07:26,963",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc4a70"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 386
},
{
"timestamp": "2026-03-05 09:07:26,963",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 387
},
{
"timestamp": "2026-03-05 09:07:26,963",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 388
},
{
"timestamp": "2026-03-05 09:07:26,963",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 389
},
{
"timestamp": "2026-03-05 09:07:26,963",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 390
},
{
"timestamp": "2026-03-05 09:07:26,963",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
}
],
"repeated": 0,
"id": 391
},
{
"timestamp": "2026-03-05 09:07:26,963",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
}
],
"repeated": 0,
"id": 392
},
{
"timestamp": "2026-03-05 09:07:26,963",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 393
},
{
"timestamp": "2026-03-05 09:07:26,963",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 394
},
{
"timestamp": "2026-03-05 09:07:26,963",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 395
},
{
"timestamp": "2026-03-05 09:07:27,979",
"thread_id": "2860",
"caller": "0x7ff9693c7755",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "10000"
}
],
"repeated": 0,
"id": 396
},
{
"timestamp": "2026-03-05 09:07:28,025",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 1,
"id": 397
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 398
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 399
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 400
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 401
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 402
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 403
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 404
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 405
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290addc4a70",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 406
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000270"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000340"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 407
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 408
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000318"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 409
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6560",
"caller": "0x7ff97d6e0429",
"parentcaller": "0x7ff97d6dcdca",
"category": "registry",
"api": "NtQueryKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000318"
},
{
"name": "KeyInformation",
"value": "\\xff9c\\xffc16Y1\\xffc3\\xffd8\\x01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
},
{
"name": "KeyInformationClass",
"value": "4"
}
],
"repeated": 0,
"id": 410
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 411
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6560",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 412
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6560",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 413
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 414
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000328"
}
],
"repeated": 0,
"id": 415
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
}
],
"repeated": 0,
"id": 416
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000348",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "840"
}
],
"repeated": 0,
"id": 417
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 418
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 419
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
}
],
"repeated": 0,
"id": 420
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 421
},
{
"timestamp": "2026-03-05 09:07:37,994",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 422
},
{
"timestamp": "2026-03-05 09:07:38,010",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 423
},
{
"timestamp": "2026-03-05 09:07:38,057",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 424
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6440",
"caller": "0x7ff97d70028c",
"parentcaller": "0x7ff97dd1f22b",
"category": "system",
"api": "NtDuplicateObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "SourceProcessHandle",
"value": "0xffffffff"
},
{
"name": "SourceHandle",
"value": "0xfffffffe"
},
{
"name": "TargetProcessHandle",
"value": "0xffffffff"
},
{
"name": "TargetHandle",
"value": "0x00000328"
},
{
"name": "Options",
"value": "0x00000002"
}
],
"repeated": 0,
"id": 425
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc4a70"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 426
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 427
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 428
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 429
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6440",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
}
],
"repeated": 0,
"id": 430
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 431
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 432
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 433
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 434
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 435
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
}
],
"repeated": 0,
"id": 436
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000338"
}
],
"repeated": 0,
"id": 437
},
{
"timestamp": "2026-03-05 09:07:40,150",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000344"
}
],
"repeated": 0,
"id": 438
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 439
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 440
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 441
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 442
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000338"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000324"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 443
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 444
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 445
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 446
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000348"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 447
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000348"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 448
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
}
],
"repeated": 0,
"id": 449
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 450
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 451
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 452
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 453
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 454
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 455
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000035c"
}
],
"repeated": 0,
"id": 456
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 457
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x000002f0",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "752"
}
],
"repeated": 0,
"id": 458
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "752"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 459
},
{
"timestamp": "2026-03-05 09:07:41,166",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "752"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 460
},
{
"timestamp": "2026-03-05 09:07:41,182",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "752"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 461
},
{
"timestamp": "2026-03-05 09:07:41,182",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000002f0"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 462
},
{
"timestamp": "2026-03-05 09:07:41,182",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000002f0"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8w\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 463
},
{
"timestamp": "2026-03-05 09:07:41,182",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "752"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 464
},
{
"timestamp": "2026-03-05 09:07:43,088",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 465
},
{
"timestamp": "2026-03-05 09:07:43,322",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc4a70"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 466
},
{
"timestamp": "2026-03-05 09:07:43,322",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000344"
}
],
"repeated": 0,
"id": 467
},
{
"timestamp": "2026-03-05 09:07:43,322",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 468
},
{
"timestamp": "2026-03-05 09:07:43,322",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 469
},
{
"timestamp": "2026-03-05 09:07:43,322",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 470
},
{
"timestamp": "2026-03-05 09:07:43,322",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
}
],
"repeated": 0,
"id": 471
},
{
"timestamp": "2026-03-05 09:07:43,322",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000338"
}
],
"repeated": 0,
"id": 472
},
{
"timestamp": "2026-03-05 09:07:43,322",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000358"
}
],
"repeated": 0,
"id": 473
},
{
"timestamp": "2026-03-05 09:07:43,322",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 474
},
{
"timestamp": "2026-03-05 09:07:43,322",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 475
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 476
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 477
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 478
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 479
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 480
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 481
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 482
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 483
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290ade08bc0",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 484
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000358"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000338"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 485
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 486
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000330"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 487
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000330"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 488
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
}
],
"repeated": 0,
"id": 489
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 490
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 491
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 492
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 493
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 494
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000374"
}
],
"repeated": 0,
"id": 495
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000370"
}
],
"repeated": 0,
"id": 496
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
}
],
"repeated": 0,
"id": 497
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 498
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000324",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "804"
}
],
"repeated": 0,
"id": 499
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "804"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 500
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "804"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 501
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "804"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 502
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000324"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 503
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000324"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18f\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 504
},
{
"timestamp": "2026-03-05 09:07:44,338",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "804"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 505
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290ade08bc0"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 506
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 507
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000364"
}
],
"repeated": 0,
"id": 508
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 509
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "804"
}
],
"repeated": 0,
"id": 510
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 511
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000344"
}
],
"repeated": 0,
"id": 512
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000338"
}
],
"repeated": 0,
"id": 513
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 514
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000358"
}
],
"repeated": 0,
"id": 515
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000036c"
}
],
"repeated": 0,
"id": 516
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
}
],
"repeated": 0,
"id": 517
},
{
"timestamp": "2026-03-05 09:07:46,494",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 518
},
{
"timestamp": "2026-03-05 09:07:47,510",
"thread_id": "2860",
"caller": "0x7ff9693c7755",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "10000"
}
],
"repeated": 0,
"id": 519
},
{
"timestamp": "2026-03-05 09:07:48,104",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 520
},
{
"timestamp": "2026-03-05 09:07:48,354",
"thread_id": "6440",
"caller": "0x7ff97ea5fbd2",
"parentcaller": "0x7ff97ea5fb34",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002fc"
}
],
"repeated": 0,
"id": 521
},
{
"timestamp": "2026-03-05 09:07:48,354",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade15000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 522
},
{
"timestamp": "2026-03-05 09:07:48,354",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 523
},
{
"timestamp": "2026-03-05 09:07:48,354",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 524
},
{
"timestamp": "2026-03-05 09:07:48,354",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290adddb000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 525
},
{
"timestamp": "2026-03-05 09:07:48,354",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade10000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 526
},
{
"timestamp": "2026-03-05 09:07:48,354",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 527
},
{
"timestamp": "2026-03-05 09:07:48,354",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade08000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 528
},
{
"timestamp": "2026-03-05 09:07:50,635",
"thread_id": "1944",
"caller": "0x7ff97d6f96de",
"parentcaller": "0x7ff974fd48c5",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "30000"
}
],
"repeated": 0,
"id": 529
},
{
"timestamp": "2026-03-05 09:07:53,119",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 530
},
{
"timestamp": "2026-03-05 09:07:57,525",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 531
},
{
"timestamp": "2026-03-05 09:07:58,135",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 532
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 533
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 534
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 535
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000250"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000354"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 536
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 537
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 538
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 539
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x0000036c"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 540
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addfd250",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 541
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000036c"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 542
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000036c"
}
],
"repeated": 0,
"id": 543
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290addf5150",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addfd250"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 544
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97fcbed8a",
"parentcaller": "0x7ff97fcddb07",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade08000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 545
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97fcbed8a",
"parentcaller": "0x7ff97fcddb07",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 546
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 547
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 548
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000036c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 549
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 550
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000338"
}
],
"repeated": 0,
"id": 551
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 552
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 553
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000036c"
}
],
"repeated": 0,
"id": 554
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000358"
}
],
"repeated": 0,
"id": 555
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6560",
"caller": "0x7ff97fcbed8a",
"parentcaller": "0x7ff97fcddb07",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290adddb000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 556
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x0000032c",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "812"
}
],
"repeated": 0,
"id": 557
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "812"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 558
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "812"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 559
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "812"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 560
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000032c"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 561
},
{
"timestamp": "2026-03-05 09:07:58,447",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000032c"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8^\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 562
},
{
"timestamp": "2026-03-05 09:07:58,463",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "812"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 563
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addf5150"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 564
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 565
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
}
],
"repeated": 0,
"id": 566
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000035c"
}
],
"repeated": 0,
"id": 567
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "812"
}
],
"repeated": 0,
"id": 568
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002fc"
}
],
"repeated": 0,
"id": 569
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000370"
}
],
"repeated": 0,
"id": 570
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
}
],
"repeated": 0,
"id": 571
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
}
],
"repeated": 0,
"id": 572
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 573
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 574
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000374"
}
],
"repeated": 0,
"id": 575
},
{
"timestamp": "2026-03-05 09:08:00,604",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 576
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 577
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 578
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 579
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 580
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 581
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 582
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 583
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 584
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290ade08bc0",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 585
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000374"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000360"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 586
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 587
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000250"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 588
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000250"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 589
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 590
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6560",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 591
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6560",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 592
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000364"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 593
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000037c"
}
],
"repeated": 0,
"id": 594
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000380"
}
],
"repeated": 0,
"id": 595
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 596
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 597
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000364"
}
],
"repeated": 0,
"id": 598
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 599
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000250",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "592"
}
],
"repeated": 0,
"id": 600
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "592"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 601
},
{
"timestamp": "2026-03-05 09:08:01,619",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "592"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 602
},
{
"timestamp": "2026-03-05 09:08:01,635",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "592"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 603
},
{
"timestamp": "2026-03-05 09:08:01,635",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000250"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 604
},
{
"timestamp": "2026-03-05 09:08:01,635",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000250"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00(`\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 605
},
{
"timestamp": "2026-03-05 09:08:01,635",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "592"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 606
},
{
"timestamp": "2026-03-05 09:08:03,150",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 607
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290ade08bc0"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 608
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 609
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 610
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290adddb000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 611
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 612
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 613
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000036c"
}
],
"repeated": 0,
"id": 614
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 615
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000358"
}
],
"repeated": 0,
"id": 616
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000374"
}
],
"repeated": 0,
"id": 617
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 618
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 619
},
{
"timestamp": "2026-03-05 09:08:03,775",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 620
},
{
"timestamp": "2026-03-05 09:08:04,791",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 621
},
{
"timestamp": "2026-03-05 09:08:04,791",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 622
},
{
"timestamp": "2026-03-05 09:08:04,791",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 623
},
{
"timestamp": "2026-03-05 09:08:04,791",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 624
},
{
"timestamp": "2026-03-05 09:08:04,791",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 625
},
{
"timestamp": "2026-03-05 09:08:04,791",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 626
},
{
"timestamp": "2026-03-05 09:08:04,791",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 627
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000374"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 628
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000374"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 629
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000374"
}
],
"repeated": 0,
"id": 630
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 631
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 632
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000374"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 633
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 634
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000036c"
}
],
"repeated": 0,
"id": 635
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff97fcbed8a",
"parentcaller": "0x7ff97fcddb07",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade15000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 636
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x0000036c",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "876"
}
],
"repeated": 0,
"id": 637
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "876"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 638
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "876"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 639
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "876"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 640
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000036c"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 641
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000036c"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8c\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 642
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "876"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 643
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000037c"
}
],
"repeated": 0,
"id": 644
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000380"
}
],
"repeated": 0,
"id": 645
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000374"
}
],
"repeated": 0,
"id": 646
},
{
"timestamp": "2026-03-05 09:08:04,807",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000358"
}
],
"repeated": 0,
"id": 647
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290ade08bc0"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 648
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 649
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000344"
}
],
"repeated": 0,
"id": 650
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 651
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 652
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 653
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 654
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 655
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 656
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 657
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade13000"
},
{
"name": "RegionSize",
"value": "0x00005000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 658
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 659
},
{
"timestamp": "2026-03-05 09:08:06,947",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 660
},
{
"timestamp": "2026-03-05 09:08:07,963",
"thread_id": "2860",
"caller": "0x7ff9693c7755",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "10000"
}
],
"repeated": 0,
"id": 661
},
{
"timestamp": "2026-03-05 09:08:08,166",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 1,
"id": 662
},
{
"timestamp": "2026-03-05 09:08:16,010",
"thread_id": "2176",
"caller": "0x7ff97fd0466e",
"parentcaller": "0x7ff97fd03738",
"category": "threading",
"api": "NtQueryInformationThread",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ThreadHandle",
"value": "0xfffffffe"
},
{
"name": "ThreadInformationClass",
"value": "12"
},
{
"name": "ThreadInformation",
"value": "\\x00\\x00\\x00\\x00"
},
{
"name": "ThreadId",
"value": "2176"
}
],
"repeated": 0,
"id": 663
},
{
"timestamp": "2026-03-05 09:08:16,010",
"thread_id": "2176",
"caller": "0x7ff97fd0468e",
"parentcaller": "0x7ff97fd03738",
"category": "threading",
"api": "NtTerminateThread",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ThreadHandle",
"value": "0x00000000"
},
{
"name": "ExitStatus",
"value": "0x00000000"
},
{
"name": "ThreadId",
"value": "0"
},
{
"name": "ProcessId",
"value": "0"
}
],
"repeated": 0,
"id": 664
},
{
"timestamp": "2026-03-05 09:08:16,010",
"thread_id": "6448",
"caller": "0x7ff97fd0466e",
"parentcaller": "0x7ff97fd03738",
"category": "threading",
"api": "NtQueryInformationThread",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ThreadHandle",
"value": "0xfffffffe"
},
{
"name": "ThreadInformationClass",
"value": "12"
},
{
"name": "ThreadInformation",
"value": "\\x00\\x00\\x00\\x00"
},
{
"name": "ThreadId",
"value": "6448"
}
],
"repeated": 0,
"id": 665
},
{
"timestamp": "2026-03-05 09:08:16,010",
"thread_id": "6448",
"caller": "0x7ff97fd0468e",
"parentcaller": "0x7ff97fd03738",
"category": "threading",
"api": "NtTerminateThread",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ThreadHandle",
"value": "0x00000000"
},
{
"name": "ExitStatus",
"value": "0x00000000"
},
{
"name": "ThreadId",
"value": "0"
},
{
"name": "ProcessId",
"value": "0"
}
],
"repeated": 0,
"id": 666
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 667
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 668
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 669
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 670
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 671
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 672
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 673
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc5040",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 674
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000340"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 675
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000340"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 676
},
{
"timestamp": "2026-03-05 09:08:17,979",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 677
},
{
"timestamp": "2026-03-05 09:08:17,994",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 678
},
{
"timestamp": "2026-03-05 09:08:17,994",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 679
},
{
"timestamp": "2026-03-05 09:08:17,994",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000364"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 680
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000358"
}
],
"repeated": 0,
"id": 681
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000374"
}
],
"repeated": 0,
"id": 682
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000374",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "884"
}
],
"repeated": 0,
"id": 683
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "884"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 684
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "884"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 685
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "884"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 686
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000374"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 687
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000374"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00h[\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 688
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "884"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 689
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002fc"
}
],
"repeated": 0,
"id": 690
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000370"
}
],
"repeated": 0,
"id": 691
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000364"
}
],
"repeated": 0,
"id": 692
},
{
"timestamp": "2026-03-05 09:08:18,010",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000036c"
}
],
"repeated": 0,
"id": 693
},
{
"timestamp": "2026-03-05 09:08:18,229",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 694
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 695
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 696
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000344"
}
],
"repeated": 0,
"id": 697
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
}
],
"repeated": 0,
"id": 698
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "884"
}
],
"repeated": 0,
"id": 699
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade13000"
},
{
"name": "RegionSize",
"value": "0x00005000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 700
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 701
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade10000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 702
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 703
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 704
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 705
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 706
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 707
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 708
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
}
],
"repeated": 0,
"id": 709
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 710
},
{
"timestamp": "2026-03-05 09:08:20,166",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 711
},
{
"timestamp": "2026-03-05 09:08:20,619",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002e4"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 712
},
{
"timestamp": "2026-03-05 09:08:20,619",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002e4"
}
],
"repeated": 0,
"id": 713
},
{
"timestamp": "2026-03-05 09:08:20,650",
"thread_id": "1944",
"caller": "0x7ff97d6f96de",
"parentcaller": "0x7ff974fd48c5",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "30000"
}
],
"repeated": 0,
"id": 714
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 715
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 716
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 717
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 718
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 719
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 720
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 721
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addc36d0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 722
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 723
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000318"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000368"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 724
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 725
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000374"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 726
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000374"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 727
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000374"
}
],
"repeated": 0,
"id": 728
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 729
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 730
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 731
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000036c"
}
],
"repeated": 0,
"id": 732
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000364"
}
],
"repeated": 0,
"id": 733
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 734
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 735
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
}
],
"repeated": 0,
"id": 736
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000344"
}
],
"repeated": 0,
"id": 737
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6560",
"caller": "0x7ff97fcbed8a",
"parentcaller": "0x7ff97fcddb07",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 738
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000370",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "880"
}
],
"repeated": 0,
"id": 739
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "880"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 740
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "880"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 741
},
{
"timestamp": "2026-03-05 09:08:21,182",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "880"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 742
},
{
"timestamp": "2026-03-05 09:08:21,197",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000370"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 743
},
{
"timestamp": "2026-03-05 09:08:21,197",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000370"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18f\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 744
},
{
"timestamp": "2026-03-05 09:08:21,197",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "880"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 745
},
{
"timestamp": "2026-03-05 09:08:23,244",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 746
},
{
"timestamp": "2026-03-05 09:08:23,338",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 747
},
{
"timestamp": "2026-03-05 09:08:23,338",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 748
},
{
"timestamp": "2026-03-05 09:08:23,338",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
}
],
"repeated": 0,
"id": 749
},
{
"timestamp": "2026-03-05 09:08:23,338",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 750
},
{
"timestamp": "2026-03-05 09:08:23,338",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 751
},
{
"timestamp": "2026-03-05 09:08:23,338",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002e4"
}
],
"repeated": 0,
"id": 752
},
{
"timestamp": "2026-03-05 09:08:23,338",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 753
},
{
"timestamp": "2026-03-05 09:08:23,338",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000035c"
}
],
"repeated": 0,
"id": 754
},
{
"timestamp": "2026-03-05 09:08:23,338",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
}
],
"repeated": 0,
"id": 755
},
{
"timestamp": "2026-03-05 09:08:23,807",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 756
},
{
"timestamp": "2026-03-05 09:08:23,807",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 757
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 758
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 759
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 760
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 761
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 762
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 763
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 764
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc5040"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 765
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x000002e4"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 766
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000002e4"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 767
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002e4"
}
],
"repeated": 0,
"id": 768
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 769
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 770
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002e4"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 771
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
}
],
"repeated": 0,
"id": 772
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000344"
}
],
"repeated": 0,
"id": 773
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000344",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "836"
}
],
"repeated": 0,
"id": 774
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "836"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 775
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "836"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 776
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "836"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 777
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000037c"
}
],
"repeated": 0,
"id": 778
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000380"
}
],
"repeated": 0,
"id": 779
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000344"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 780
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 781
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000344"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98o\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 782
},
{
"timestamp": "2026-03-05 09:08:24,354",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "836"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 783
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 784
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 785
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 786
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 787
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade10000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 788
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 789
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 790
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 791
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000035c"
}
],
"repeated": 0,
"id": 792
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 793
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
}
],
"repeated": 0,
"id": 794
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 795
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 796
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 797
},
{
"timestamp": "2026-03-05 09:08:26,510",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000358"
}
],
"repeated": 0,
"id": 798
},
{
"timestamp": "2026-03-05 09:08:26,979",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000248"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 799
},
{
"timestamp": "2026-03-05 09:08:26,979",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000248"
}
],
"repeated": 0,
"id": 800
},
{
"timestamp": "2026-03-05 09:08:27,525",
"thread_id": "2860",
"caller": "0x7ff9693c7755",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "10000"
}
],
"repeated": 0,
"id": 801
},
{
"timestamp": "2026-03-05 09:08:28,260",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 1,
"id": 802
},
{
"timestamp": "2026-03-05 09:08:37,541",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 803
},
{
"timestamp": "2026-03-05 09:08:37,541",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 804
},
{
"timestamp": "2026-03-05 09:08:37,541",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 805
},
{
"timestamp": "2026-03-05 09:08:37,541",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 806
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 807
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 808
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 809
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc5040",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addc36d0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 810
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc5040"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 811
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000358"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000320"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 812
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 813
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000364"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 814
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000364"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 815
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000364"
}
],
"repeated": 0,
"id": 816
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 817
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 818
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000364"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 819
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000374"
}
],
"repeated": 0,
"id": 820
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 821
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x0000025c",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "604"
}
],
"repeated": 0,
"id": 822
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "604"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 823
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "604"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 824
},
{
"timestamp": "2026-03-05 09:08:37,557",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "604"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 825
},
{
"timestamp": "2026-03-05 09:08:37,572",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000025c"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 826
},
{
"timestamp": "2026-03-05 09:08:37,572",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000025c"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8w\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 827
},
{
"timestamp": "2026-03-05 09:08:37,572",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "604"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 828
},
{
"timestamp": "2026-03-05 09:08:37,572",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000278"
}
],
"repeated": 0,
"id": 829
},
{
"timestamp": "2026-03-05 09:08:37,572",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000330"
}
],
"repeated": 0,
"id": 830
},
{
"timestamp": "2026-03-05 09:08:37,572",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000364"
}
],
"repeated": 0,
"id": 831
},
{
"timestamp": "2026-03-05 09:08:37,572",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000036c"
}
],
"repeated": 0,
"id": 832
},
{
"timestamp": "2026-03-05 09:08:38,291",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 833
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 834
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002e4"
}
],
"repeated": 0,
"id": 835
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 836
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000380"
}
],
"repeated": 0,
"id": 837
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "604"
}
],
"repeated": 0,
"id": 838
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 839
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 840
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade10000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 841
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 842
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000248"
}
],
"repeated": 0,
"id": 843
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
}
],
"repeated": 0,
"id": 844
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 845
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 846
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000358"
}
],
"repeated": 0,
"id": 847
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000037c"
}
],
"repeated": 0,
"id": 848
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 849
},
{
"timestamp": "2026-03-05 09:08:39,713",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000035c"
}
],
"repeated": 0,
"id": 850
},
{
"timestamp": "2026-03-05 09:08:40,150",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 851
},
{
"timestamp": "2026-03-05 09:08:40,150",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
}
],
"repeated": 0,
"id": 852
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 853
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 854
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 855
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 856
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x0000024c"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000318"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 857
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 858
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 859
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000248"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 860
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000248"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 861
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000248"
}
],
"repeated": 0,
"id": 862
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc5040",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addc36d0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 863
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290addf81e0",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc5040"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 864
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 865
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 866
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000248"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 867
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000380"
}
],
"repeated": 0,
"id": 868
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002e4"
}
],
"repeated": 0,
"id": 869
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000344"
}
],
"repeated": 0,
"id": 870
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000370"
}
],
"repeated": 0,
"id": 871
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000248"
}
],
"repeated": 0,
"id": 872
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000025c"
}
],
"repeated": 0,
"id": 873
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x0000032c",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "812"
}
],
"repeated": 0,
"id": 874
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "812"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 875
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "812"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 876
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "812"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 877
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000032c"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 878
},
{
"timestamp": "2026-03-05 09:08:40,729",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000032c"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8w\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 879
},
{
"timestamp": "2026-03-05 09:08:40,744",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "812"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 880
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addf81e0"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 881
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 882
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 883
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade10000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 884
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 885
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000035c"
}
],
"repeated": 0,
"id": 886
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 887
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000358"
}
],
"repeated": 0,
"id": 888
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 889
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000037c"
}
],
"repeated": 0,
"id": 890
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
}
],
"repeated": 0,
"id": 891
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 892
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "6560",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 893
},
{
"timestamp": "2026-03-05 09:08:42,885",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002fc"
}
],
"repeated": 0,
"id": 894
},
{
"timestamp": "2026-03-05 09:08:43,307",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 895
},
{
"timestamp": "2026-03-05 09:08:43,322",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 896
},
{
"timestamp": "2026-03-05 09:08:43,322",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 897
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 898
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 899
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 900
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 901
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 902
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 903
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 904
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc5040",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addc36d0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 905
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290addf81e0",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc5040"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 906
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000320"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x000002fc"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 907
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 908
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x0000024c"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 909
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000024c"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 910
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
}
],
"repeated": 0,
"id": 911
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 912
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000039c"
}
],
"repeated": 0,
"id": 913
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a0"
}
],
"repeated": 0,
"id": 914
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000390"
}
],
"repeated": 0,
"id": 915
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 916
},
{
"timestamp": "2026-03-05 09:08:43,900",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 917
},
{
"timestamp": "2026-03-05 09:08:43,916",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000398"
}
],
"repeated": 0,
"id": 918
},
{
"timestamp": "2026-03-05 09:08:43,916",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000394",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "916"
}
],
"repeated": 0,
"id": 919
},
{
"timestamp": "2026-03-05 09:08:43,916",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "916"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 920
},
{
"timestamp": "2026-03-05 09:08:43,916",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "916"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 921
},
{
"timestamp": "2026-03-05 09:08:43,916",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "916"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 922
},
{
"timestamp": "2026-03-05 09:08:43,916",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000394"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 923
},
{
"timestamp": "2026-03-05 09:08:43,916",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000394"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8]\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 924
},
{
"timestamp": "2026-03-05 09:08:43,916",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "916"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 925
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addf81e0"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 926
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 927
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 928
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade10000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 929
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 930
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 931
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 932
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000035c"
}
],
"repeated": 0,
"id": 933
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002fc"
}
],
"repeated": 0,
"id": 934
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 935
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 936
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "6560",
"caller": "0x00000000",
"parentcaller": "0x00000000",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000388"
}
],
"repeated": 0,
"id": 937
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 938
},
{
"timestamp": "2026-03-05 09:08:46,057",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 939
},
{
"timestamp": "2026-03-05 09:08:46,510",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 940
},
{
"timestamp": "2026-03-05 09:08:46,510",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 941
},
{
"timestamp": "2026-03-05 09:08:47,072",
"thread_id": "2860",
"caller": "0x7ff9693c7755",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "10000"
}
],
"repeated": 0,
"id": 942
},
{
"timestamp": "2026-03-05 09:08:48,322",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 943
},
{
"timestamp": "2026-03-05 09:08:50,666",
"thread_id": "1944",
"caller": "0x7ff97d6f96de",
"parentcaller": "0x7ff974fd48c5",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "30000"
}
],
"repeated": 0,
"id": 944
},
{
"timestamp": "2026-03-05 09:08:53,338",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 945
},
{
"timestamp": "2026-03-05 09:08:57,088",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 946
},
{
"timestamp": "2026-03-05 09:08:57,088",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 947
},
{
"timestamp": "2026-03-05 09:08:57,088",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 948
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 949
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 950
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 951
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 952
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000384"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 953
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000384"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 954
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000384"
}
],
"repeated": 0,
"id": 955
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6560",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 956
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6560",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 957
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 958
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000318"
}
],
"repeated": 0,
"id": 959
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000358"
}
],
"repeated": 0,
"id": 960
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000039c"
}
],
"repeated": 0,
"id": 961
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a0"
}
],
"repeated": 0,
"id": 962
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000024c"
}
],
"repeated": 0,
"id": 963
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000037c"
}
],
"repeated": 0,
"id": 964
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000384",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "900"
}
],
"repeated": 0,
"id": 965
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "900"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 966
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "900"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 967
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "900"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 968
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000384"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 969
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000384"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8w\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 970
},
{
"timestamp": "2026-03-05 09:08:57,104",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "900"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 971
},
{
"timestamp": "2026-03-05 09:08:58,354",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 972
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 973
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 974
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 975
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade10000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 976
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade08000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 977
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 978
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 979
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000388"
}
],
"repeated": 0,
"id": 980
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 981
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 982
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 983
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000390"
}
],
"repeated": 0,
"id": 984
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 985
},
{
"timestamp": "2026-03-05 09:08:59,260",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 986
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 987
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 988
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 989
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 990
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 991
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 992
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 993
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc5040",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addc36d0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 994
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc5040"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 995
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000390"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x000003b8"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 996
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 997
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x000003bc"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 998
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000003bc"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 999
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003bc"
}
],
"repeated": 0,
"id": 1000
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1001
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1002
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003bc"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1003
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c4"
}
],
"repeated": 0,
"id": 1004
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c8"
}
],
"repeated": 0,
"id": 1005
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b4"
}
],
"repeated": 0,
"id": 1006
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b0"
}
],
"repeated": 0,
"id": 1007
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003bc"
}
],
"repeated": 0,
"id": 1008
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
}
],
"repeated": 0,
"id": 1009
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff97fcbed8a",
"parentcaller": "0x7ff97fcddb07",
"category": "process",
"api": "NtAllocateVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "Protection",
"value": "0x00000004",
"pretty_value": "PAGE_READWRITE"
},
{
"name": "StackPivoted",
"value": "no"
}
],
"repeated": 0,
"id": 1010
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x000003cc",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "972"
}
],
"repeated": 0,
"id": 1011
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1012
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1013
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1014
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003cc"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1015
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003cc"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00Hg\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1016
},
{
"timestamp": "2026-03-05 09:09:00,275",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1017
},
{
"timestamp": "2026-03-05 09:09:00,619",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1018
},
{
"timestamp": "2026-03-05 09:09:00,619",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 1019
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1020
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a4"
}
],
"repeated": 0,
"id": 1021
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a8"
}
],
"repeated": 0,
"id": 1022
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1023
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
}
],
"repeated": 0,
"id": 1024
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1025
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1026
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1027
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1028
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade08000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1029
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 1030
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000384"
}
],
"repeated": 0,
"id": 1031
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
}
],
"repeated": 0,
"id": 1032
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 1033
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000390"
}
],
"repeated": 0,
"id": 1034
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1035
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 1036
},
{
"timestamp": "2026-03-05 09:09:02,447",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003ac"
}
],
"repeated": 0,
"id": 1037
},
{
"timestamp": "2026-03-05 09:09:03,369",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1038
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1039
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1040
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1041
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1042
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1043
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1044
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 1045
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addc5040",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addc36d0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1046
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290addf81e0",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc5040"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1047
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x000003ac"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x000003c8"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1048
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1049
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x000003c4"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1050
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000003c4"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1051
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c4"
}
],
"repeated": 0,
"id": 1052
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1053
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1054
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000390"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1055
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
}
],
"repeated": 0,
"id": 1056
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000384"
}
],
"repeated": 0,
"id": 1057
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b4"
}
],
"repeated": 0,
"id": 1058
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b0"
}
],
"repeated": 0,
"id": 1059
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000390"
}
],
"repeated": 0,
"id": 1060
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 1061
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x000003c4",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "964"
}
],
"repeated": 0,
"id": 1062
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "964"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1063
},
{
"timestamp": "2026-03-05 09:09:03,463",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "964"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1064
},
{
"timestamp": "2026-03-05 09:09:03,479",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "964"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1065
},
{
"timestamp": "2026-03-05 09:09:03,479",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003c4"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1066
},
{
"timestamp": "2026-03-05 09:09:03,479",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003c4"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08l\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1067
},
{
"timestamp": "2026-03-05 09:09:03,479",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "964"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1068
},
{
"timestamp": "2026-03-05 09:09:03,775",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000338"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1069
},
{
"timestamp": "2026-03-05 09:09:03,775",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000338"
}
],
"repeated": 0,
"id": 1070
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addf81e0"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1071
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1072
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1073
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1074
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1075
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade08000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1076
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 1077
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1078
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 1079
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c8"
}
],
"repeated": 0,
"id": 1080
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1081
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003ac"
}
],
"repeated": 0,
"id": 1082
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1083
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003bc"
}
],
"repeated": 0,
"id": 1084
},
{
"timestamp": "2026-03-05 09:09:05,619",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a8"
}
],
"repeated": 0,
"id": 1085
},
{
"timestamp": "2026-03-05 09:09:06,635",
"thread_id": "2860",
"caller": "0x7ff9693c7755",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "10000"
}
],
"repeated": 0,
"id": 1086
},
{
"timestamp": "2026-03-05 09:09:06,947",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1087
},
{
"timestamp": "2026-03-05 09:09:06,947",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 1088
},
{
"timestamp": "2026-03-05 09:09:08,385",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 1,
"id": 1089
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1090
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1091
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1092
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1093
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1094
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1095
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 1096
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addde050",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addc36d0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1097
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addde050"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1098
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x000003a8"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000324"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1099
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1100
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x0000038c"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1101
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000038c"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1102
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1103
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1104
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1105
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003bc"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1106
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1107
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c8"
}
],
"repeated": 0,
"id": 1108
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000388"
}
],
"repeated": 0,
"id": 1109
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 1110
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003bc"
}
],
"repeated": 0,
"id": 1111
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003ac"
}
],
"repeated": 0,
"id": 1112
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x0000038c",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "908"
}
],
"repeated": 0,
"id": 1113
},
{
"timestamp": "2026-03-05 09:09:16,635",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "908"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1114
},
{
"timestamp": "2026-03-05 09:09:16,650",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "908"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1115
},
{
"timestamp": "2026-03-05 09:09:16,650",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "908"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1116
},
{
"timestamp": "2026-03-05 09:09:16,650",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000038c"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1117
},
{
"timestamp": "2026-03-05 09:09:16,650",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x0000038c"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8w\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1118
},
{
"timestamp": "2026-03-05 09:09:16,650",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "908"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1119
},
{
"timestamp": "2026-03-05 09:09:18,416",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1120
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1121
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1122
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000338"
}
],
"repeated": 0,
"id": 1123
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 1124
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "908"
}
],
"repeated": 0,
"id": 1125
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1126
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1127
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1128
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1129
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1130
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 1131
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 1132
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 1133
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1134
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a8"
}
],
"repeated": 0,
"id": 1135
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
}
],
"repeated": 0,
"id": 1136
},
{
"timestamp": "2026-03-05 09:09:18,791",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 1137
},
{
"timestamp": "2026-03-05 09:09:19,807",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1138
},
{
"timestamp": "2026-03-05 09:09:19,807",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1139
},
{
"timestamp": "2026-03-05 09:09:19,807",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1140
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1141
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1142
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1143
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x000003a8"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000270"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1144
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1145
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x000003c0"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1146
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000003c0"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1147
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
}
],
"repeated": 0,
"id": 1148
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1149
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1150
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1151
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1152
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 1153
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x000002f0",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "752"
}
],
"repeated": 0,
"id": 1154
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "752"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1155
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "752"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1156
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "752"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1157
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000002f0"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1158
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000002f0"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x008m\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1159
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "752"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1160
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 1161
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1162
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
}
],
"repeated": 0,
"id": 1163
},
{
"timestamp": "2026-03-05 09:09:19,822",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 1164
},
{
"timestamp": "2026-03-05 09:09:20,182",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1165
},
{
"timestamp": "2026-03-05 09:09:20,182",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 1166
},
{
"timestamp": "2026-03-05 09:09:20,682",
"thread_id": "1944",
"caller": "0x7ff97d6f96de",
"parentcaller": "0x7ff974fd48c5",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "30000"
}
],
"repeated": 0,
"id": 1167
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1168
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 1169
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000388"
}
],
"repeated": 0,
"id": 1170
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "752"
}
],
"repeated": 0,
"id": 1171
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1172
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1173
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1174
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1175
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1176
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 1177
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 1178
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 1179
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1180
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a8"
}
],
"repeated": 0,
"id": 1181
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c8"
}
],
"repeated": 0,
"id": 1182
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 1183
},
{
"timestamp": "2026-03-05 09:09:21,979",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003ac"
}
],
"repeated": 0,
"id": 1184
},
{
"timestamp": "2026-03-05 09:09:22,994",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1185
},
{
"timestamp": "2026-03-05 09:09:22,994",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1186
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1187
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1188
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1189
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1190
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 1191
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addddb70",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addc36d0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1192
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addddb70"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1193
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000394"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x0000038c"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1194
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1195
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000320"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1196
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000320"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1197
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 1198
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1199
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1200
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1201
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000388"
}
],
"repeated": 0,
"id": 1202
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 1203
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 1204
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1205
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 1206
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 1207
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000320",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "800"
}
],
"repeated": 0,
"id": 1208
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "800"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1209
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "800"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1210
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "800"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1211
},
{
"timestamp": "2026-03-05 09:09:23,010",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000320"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1212
},
{
"timestamp": "2026-03-05 09:09:23,025",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000320"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98o\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1213
},
{
"timestamp": "2026-03-05 09:09:23,025",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "800"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1214
},
{
"timestamp": "2026-03-05 09:09:23,338",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1215
},
{
"timestamp": "2026-03-05 09:09:23,338",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 1216
},
{
"timestamp": "2026-03-05 09:09:23,432",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1217
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1218
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1219
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 1220
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 1221
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "800"
}
],
"repeated": 0,
"id": 1222
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1223
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1224
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1225
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1226
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003ac"
}
],
"repeated": 0,
"id": 1227
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a8"
}
],
"repeated": 0,
"id": 1228
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1229
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c8"
}
],
"repeated": 0,
"id": 1230
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 1231
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
}
],
"repeated": 0,
"id": 1232
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1233
},
{
"timestamp": "2026-03-05 09:09:25,166",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 1234
},
{
"timestamp": "2026-03-05 09:09:26,182",
"thread_id": "2860",
"caller": "0x7ff9693c7755",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "10000"
}
],
"repeated": 0,
"id": 1235
},
{
"timestamp": "2026-03-05 09:09:26,510",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1236
},
{
"timestamp": "2026-03-05 09:09:26,510",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
}
],
"repeated": 0,
"id": 1237
},
{
"timestamp": "2026-03-05 09:09:28,447",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 1,
"id": 1238
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1239
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1240
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1241
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1242
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1243
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1244
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 1245
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290adddd4f0",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1246
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290adddd4f0"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1247
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x000003cc"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000334"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1248
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1249
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000360"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1250
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000360"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1251
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1252
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1253
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1254
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1255
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000390"
}
],
"repeated": 0,
"id": 1256
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b0"
}
],
"repeated": 0,
"id": 1257
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 1258
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 1259
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
}
],
"repeated": 0,
"id": 1260
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 1261
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000360",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "864"
}
],
"repeated": 0,
"id": 1262
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "864"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1263
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "864"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1264
},
{
"timestamp": "2026-03-05 09:09:36,197",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "864"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1265
},
{
"timestamp": "2026-03-05 09:09:36,213",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000360"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1266
},
{
"timestamp": "2026-03-05 09:09:36,213",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000360"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00Hg\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1267
},
{
"timestamp": "2026-03-05 09:09:36,213",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "864"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1268
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1269
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1270
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1271
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1272
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1273
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 1274
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1275
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 1276
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 1277
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
}
],
"repeated": 0,
"id": 1278
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1279
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 1280
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c8"
}
],
"repeated": 0,
"id": 1281
},
{
"timestamp": "2026-03-05 09:09:38,354",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1282
},
{
"timestamp": "2026-03-05 09:09:38,479",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1283
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1284
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1285
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1286
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1287
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1288
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1289
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 1290
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addde1f0",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addc36d0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1291
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addde1f0"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1292
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x000003cc"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x000003c0"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1293
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1294
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000334"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1295
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000334"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1296
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 1297
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1298
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1299
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b0"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1300
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b4"
}
],
"repeated": 0,
"id": 1301
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000384"
}
],
"repeated": 0,
"id": 1302
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 1303
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 1304
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b0"
}
],
"repeated": 0,
"id": 1305
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000390"
}
],
"repeated": 0,
"id": 1306
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000334",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "820"
}
],
"repeated": 0,
"id": 1307
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "820"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1308
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "820"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1309
},
{
"timestamp": "2026-03-05 09:09:39,369",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "820"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1310
},
{
"timestamp": "2026-03-05 09:09:39,385",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000334"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1311
},
{
"timestamp": "2026-03-05 09:09:39,385",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000334"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe8w\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1312
},
{
"timestamp": "2026-03-05 09:09:39,385",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "820"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1313
},
{
"timestamp": "2026-03-05 09:09:39,729",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1314
},
{
"timestamp": "2026-03-05 09:09:39,729",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 1315
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1316
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1317
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1318
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1319
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1320
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1321
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 1322
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c8"
}
],
"repeated": 0,
"id": 1323
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1324
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
}
],
"repeated": 0,
"id": 1325
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1326
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1327
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
}
],
"repeated": 0,
"id": 1328
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 1329
},
{
"timestamp": "2026-03-05 09:09:41,525",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 1330
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1331
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1332
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1333
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1334
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1335
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1336
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 1337
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addddd10",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1338
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addddd10"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1339
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1340
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x000003cc"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1341
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000003cc"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1342
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1343
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1344
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1345
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1346
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d4"
}
],
"repeated": 0,
"id": 1347
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d8"
}
],
"repeated": 0,
"id": 1348
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b4"
}
],
"repeated": 0,
"id": 1349
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000384"
}
],
"repeated": 0,
"id": 1350
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
}
],
"repeated": 0,
"id": 1351
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d0"
}
],
"repeated": 0,
"id": 1352
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x000003cc",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "972"
}
],
"repeated": 0,
"id": 1353
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1354
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1355
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1356
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003cc"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1357
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003cc"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18f\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1358
},
{
"timestamp": "2026-03-05 09:09:42,541",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1359
},
{
"timestamp": "2026-03-05 09:09:42,885",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1360
},
{
"timestamp": "2026-03-05 09:09:42,885",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
}
],
"repeated": 0,
"id": 1361
},
{
"timestamp": "2026-03-05 09:09:43,494",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1362
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1363
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b0"
}
],
"repeated": 0,
"id": 1364
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 1365
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
}
],
"repeated": 0,
"id": 1366
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1367
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1368
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1369
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1370
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1371
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 1372
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 1373
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
}
],
"repeated": 0,
"id": 1374
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 1375
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 1376
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 1377
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1378
},
{
"timestamp": "2026-03-05 09:09:44,682",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 1379
},
{
"timestamp": "2026-03-05 09:09:45,697",
"thread_id": "2860",
"caller": "0x7ff9693c7755",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "10000"
}
],
"repeated": 0,
"id": 1380
},
{
"timestamp": "2026-03-05 09:09:46,057",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1381
},
{
"timestamp": "2026-03-05 09:09:46,057",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
}
],
"repeated": 0,
"id": 1382
},
{
"timestamp": "2026-03-05 09:09:48,510",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1383
},
{
"timestamp": "2026-03-05 09:09:50,697",
"thread_id": "1944",
"caller": "0x7ff97d6f96de",
"parentcaller": "0x7ff974fd48c5",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "30000"
}
],
"repeated": 0,
"id": 1384
},
{
"timestamp": "2026-03-05 09:09:53,525",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1385
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1386
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1387
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1388
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1389
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1390
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addc36d0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1391
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addc36d0"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 1392
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290adddd690",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addc36d0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1393
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290adddd690"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1394
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x000002f0"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x000003dc"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1395
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1396
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1397
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x000003e0"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1398
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000003e0"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1399
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003e0"
}
],
"repeated": 0,
"id": 1400
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1401
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 1402
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1403
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d4"
}
],
"repeated": 0,
"id": 1404
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d8"
}
],
"repeated": 0,
"id": 1405
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 1406
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1407
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000340",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "832"
}
],
"repeated": 0,
"id": 1408
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "832"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1409
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "832"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1410
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "832"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1411
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000340"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1412
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000340"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08l\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1413
},
{
"timestamp": "2026-03-05 09:09:55,713",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "832"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1414
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1415
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1416
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1417
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1418
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1419
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1420
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
}
],
"repeated": 0,
"id": 1421
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1422
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000270"
}
],
"repeated": 0,
"id": 1423
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003dc"
}
],
"repeated": 0,
"id": 1424
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 1425
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002f0"
}
],
"repeated": 0,
"id": 1426
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b4"
}
],
"repeated": 0,
"id": 1427
},
{
"timestamp": "2026-03-05 09:09:57,854",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 1428
},
{
"timestamp": "2026-03-05 09:09:58,541",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1429
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1430
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1431
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1432
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1433
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1434
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290addbb040",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1435
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addbb040"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 1436
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addddd10",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290addbb040"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1437
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addddd10"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1438
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000354"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x00000368"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1439
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1440
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000394"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1441
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000394"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1442
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 1443
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1444
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1445
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1446
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
}
],
"repeated": 0,
"id": 1447
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 1448
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c8"
}
],
"repeated": 0,
"id": 1449
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
}
],
"repeated": 0,
"id": 1450
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
}
],
"repeated": 0,
"id": 1451
},
{
"timestamp": "2026-03-05 09:09:58,869",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000384"
}
],
"repeated": 0,
"id": 1452
},
{
"timestamp": "2026-03-05 09:09:58,885",
"thread_id": "6440",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000384",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "900"
}
],
"repeated": 0,
"id": 1453
},
{
"timestamp": "2026-03-05 09:09:58,885",
"thread_id": "6440",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "900"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1454
},
{
"timestamp": "2026-03-05 09:09:58,885",
"thread_id": "6440",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "900"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1455
},
{
"timestamp": "2026-03-05 09:09:58,885",
"thread_id": "6440",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "900"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1456
},
{
"timestamp": "2026-03-05 09:09:58,885",
"thread_id": "6440",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000384"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1457
},
{
"timestamp": "2026-03-05 09:09:58,885",
"thread_id": "6440",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000384"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00h[\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1458
},
{
"timestamp": "2026-03-05 09:09:58,885",
"thread_id": "6440",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "900"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1459
},
{
"timestamp": "2026-03-05 09:09:59,275",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002fc"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1460
},
{
"timestamp": "2026-03-05 09:09:59,275",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002fc"
}
],
"repeated": 0,
"id": 1461
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1462
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1463
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1464
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1465
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1466
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1467
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 1468
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1469
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "6560",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 1470
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b4"
}
],
"repeated": 0,
"id": 1471
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "6560",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
}
],
"repeated": 0,
"id": 1472
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1473
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 1474
},
{
"timestamp": "2026-03-05 09:10:01,025",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003dc"
}
],
"repeated": 0,
"id": 1475
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1476
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1477
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1478
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1479
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1480
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290ade0fff0",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1481
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290ade0fff0"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 1482
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addde1f0",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290ade0fff0"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1483
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addde1f0"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1484
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000320"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x000003b8"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1485
},
{
"timestamp": "2026-03-05 09:10:02,041",
"thread_id": "6440",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1486
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x0000031c"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1487
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x0000031c"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1488
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 1489
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1490
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1491
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1492
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 1493
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 1494
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 1495
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c8"
}
],
"repeated": 0,
"id": 1496
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000031c"
}
],
"repeated": 0,
"id": 1497
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 1498
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000348",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "840"
}
],
"repeated": 0,
"id": 1499
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1500
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1501
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1502
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000348"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1503
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000348"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8c\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1504
},
{
"timestamp": "2026-03-05 09:10:02,057",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1505
},
{
"timestamp": "2026-03-05 09:10:02,447",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000398"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1506
},
{
"timestamp": "2026-03-05 09:10:02,447",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000398"
}
],
"repeated": 0,
"id": 1507
},
{
"timestamp": "2026-03-05 09:10:03,557",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1508
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1509
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1510
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002fc"
}
],
"repeated": 0,
"id": 1511
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
}
],
"repeated": 0,
"id": 1512
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "840"
}
],
"repeated": 0,
"id": 1513
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1514
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1515
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1516
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6560",
"caller": "0x7ff97fcb9b1a",
"parentcaller": "0x7ff97fcd095c",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1517
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003dc"
}
],
"repeated": 0,
"id": 1518
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000354"
}
],
"repeated": 0,
"id": 1519
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
}
],
"repeated": 0,
"id": 1520
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1521
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 1522
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
}
],
"repeated": 0,
"id": 1523
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b4"
}
],
"repeated": 0,
"id": 1524
},
{
"timestamp": "2026-03-05 09:10:04,197",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 1525
},
{
"timestamp": "2026-03-05 09:10:05,213",
"thread_id": "2860",
"caller": "0x7ff9693c7755",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "10000"
}
],
"repeated": 0,
"id": 1526
},
{
"timestamp": "2026-03-05 09:10:05,619",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a4"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1527
},
{
"timestamp": "2026-03-05 09:10:05,619",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a4"
}
],
"repeated": 0,
"id": 1528
},
{
"timestamp": "2026-03-05 09:10:08,572",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 1,
"id": 1529
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1530
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1531
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1532
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1533
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1534
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290ade0fd10",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1535
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1536
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290adddd690"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1537
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x000003dc"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1538
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000003dc"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1539
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003dc"
}
],
"repeated": 0,
"id": 1540
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "6560",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1541
},
{
"timestamp": "2026-03-05 09:10:15,229",
"thread_id": "6560",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1542
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d4"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1543
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 1544
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003e0"
}
],
"repeated": 0,
"id": 1545
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d8"
}
],
"repeated": 0,
"id": 1546
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 1547
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d4"
}
],
"repeated": 0,
"id": 1548
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1549
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x000003cc",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "972"
}
],
"repeated": 0,
"id": 1550
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1551
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1552
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1553
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003cc"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1554
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003cc"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08l\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1555
},
{
"timestamp": "2026-03-05 09:10:15,244",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1556
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1557
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05d2",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b0"
}
],
"repeated": 0,
"id": 1558
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1559
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff05eb",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000384"
}
],
"repeated": 0,
"id": 1560
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6560",
"caller": "0x7ff96b5b3d7c",
"parentcaller": "0x7ff96b5b431a",
"category": "network",
"api": "closesocket",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "972"
}
],
"repeated": 0,
"id": 1561
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 1562
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000320"
}
],
"repeated": 0,
"id": 1563
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b4"
}
],
"repeated": 0,
"id": 1564
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c0"
}
],
"repeated": 0,
"id": 1565
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003a4"
}
],
"repeated": 0,
"id": 1566
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1567
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1568
},
{
"timestamp": "2026-03-05 09:10:17,385",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
}
],
"repeated": 0,
"id": 1569
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1570
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1571
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1572
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1573
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1574
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpen",
"status": true,
"return": "0x290ade10b70",
"arguments": [
{
"name": "UserAgent",
"value": "Intel Hypervisor/2025.1"
},
{
"name": "ProxyName",
"value": ""
},
{
"name": "ProxyBypass",
"value": ""
},
{
"name": "AccessType",
"value": "0x00000000"
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1575
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "2860",
"caller": "0x7ff9693c49fc",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSetTimeouts",
"status": true,
"return": "0x00000001",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290ade10b70"
},
{
"name": "ResolveTimeout",
"value": "10000"
},
{
"name": "ConnectTimeout",
"value": "10000"
},
{
"name": "SendTimeout",
"value": "10000"
},
{
"name": "ReceiveTimeout",
"value": "10000"
}
],
"repeated": 0,
"id": 1576
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290adddd4f0",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290ade10b70"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1577
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290add8ee10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290adddd4f0"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1578
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000360"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x000003dc"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1579
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1580
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x00000348"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1581
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x00000348"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1582
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
}
],
"repeated": 0,
"id": 1583
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1584
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1585
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000348"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1586
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000002fc"
}
],
"repeated": 0,
"id": 1587
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000398"
}
],
"repeated": 0,
"id": 1588
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000378"
}
],
"repeated": 0,
"id": 1589
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003e0"
}
],
"repeated": 0,
"id": 1590
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000032c"
}
],
"repeated": 0,
"id": 1591
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x00000394",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "916"
}
],
"repeated": 0,
"id": 1592
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "916"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1593
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "916"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1594
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "916"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1595
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000394"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1596
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x00000394"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18f\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1597
},
{
"timestamp": "2026-03-05 09:10:18,400",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "916"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1598
},
{
"timestamp": "2026-03-05 09:10:18,588",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1599
},
{
"timestamp": "2026-03-05 09:10:18,791",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c4"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1600
},
{
"timestamp": "2026-03-05 09:10:18,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c4"
}
],
"repeated": 0,
"id": 1601
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1602
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1603
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1604
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1605
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade08000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1606
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
}
],
"repeated": 0,
"id": 1607
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1608
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 1609
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003dc"
}
],
"repeated": 0,
"id": 1610
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1611
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1612
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d8"
}
],
"repeated": 0,
"id": 1613
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1614
},
{
"timestamp": "2026-03-05 09:10:20,557",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000384"
}
],
"repeated": 0,
"id": 1615
},
{
"timestamp": "2026-03-05 09:10:20,713",
"thread_id": "1944",
"caller": "0x7ff97d6f96de",
"parentcaller": "0x7ff974fd48c5",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "30000"
}
],
"repeated": 0,
"id": 1616
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1617
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1618
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1619
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1620
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1621
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c44f",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x00000384"
},
{
"name": "SubKey",
"value": "TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000010",
"pretty_value": "KEY_NOTIFY"
},
{
"name": "Handle",
"value": "0x000003cc"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1622
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "2860",
"caller": "0x7ff9693c4c6b",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpConnect",
"status": true,
"return": "0x290addde050",
"arguments": [
{
"name": "SessionHandle",
"value": "0x290ade0f190"
},
{
"name": "ServerName",
"value": "217.19.4.252"
},
{
"name": "ServerPort",
"value": "80"
}
],
"repeated": 0,
"id": 1623
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1624
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x000003b8"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1625
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000003b8"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1626
},
{
"timestamp": "2026-03-05 09:10:21,572",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
}
],
"repeated": 0,
"id": 1627
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6560",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1628
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6560",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1629
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6440",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1630
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d4"
}
],
"repeated": 0,
"id": 1631
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 1632
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000388"
}
],
"repeated": 0,
"id": 1633
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 1634
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003b8"
}
],
"repeated": 0,
"id": 1635
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000334"
}
],
"repeated": 0,
"id": 1636
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x000003c4",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "964"
}
],
"repeated": 0,
"id": 1637
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "964"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1638
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "964"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1639
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "964"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1640
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003c4"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1641
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003c4"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08l\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1642
},
{
"timestamp": "2026-03-05 09:10:21,588",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "964"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1643
},
{
"timestamp": "2026-03-05 09:10:21,994",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003bc"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1644
},
{
"timestamp": "2026-03-05 09:10:21,994",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003bc"
}
],
"repeated": 0,
"id": 1645
},
{
"timestamp": "2026-03-05 09:10:23,604",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 0,
"id": 1646
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290add8ee10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1647
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1648
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1649
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1650
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade08000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1651
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d8"
}
],
"repeated": 0,
"id": 1652
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1653
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1654
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1655
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1656
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000384"
}
],
"repeated": 0,
"id": 1657
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 1658
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003dc"
}
],
"repeated": 0,
"id": 1659
},
{
"timestamp": "2026-03-05 09:10:23,744",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 1660
},
{
"timestamp": "2026-03-05 09:10:24,760",
"thread_id": "2860",
"caller": "0x7ff9693c7755",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "10000"
}
],
"repeated": 0,
"id": 1661
},
{
"timestamp": "2026-03-05 09:10:25,166",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff96b596c4b",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1662
},
{
"timestamp": "2026-03-05 09:10:25,166",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff96b596cd8",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 1663
},
{
"timestamp": "2026-03-05 09:10:28,619",
"thread_id": "160",
"caller": "0x7ff9693c816e",
"parentcaller": "0x7ff78b2042eb",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "5000"
}
],
"repeated": 1,
"id": 1664
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1665
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1666
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1667
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "unload"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1668
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1669
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "6560",
"caller": "0x7ff97501c5b0",
"parentcaller": "0x7ff97501c4f1",
"category": "registry",
"api": "RegNotifyChangeKeyValue",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload\\"
},
{
"name": "NotifyFilter",
"value": "0x10000004"
},
{
"name": "WatchSubtree",
"value": "1"
},
{
"name": "Asynchronous",
"value": "1"
}
],
"repeated": 0,
"id": 1670
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "2860",
"caller": "0x7ff9693c5091",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpOpenRequest",
"status": true,
"return": "0x290addf7c10",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290adddd9d0"
},
{
"name": "Verb",
"value": "GET"
},
{
"name": "ObjectName",
"value": "/poll?id={26EAB2C0-5A8F-4A78-AC4B-010B13F347C1}&hostname=DESKTOP-PC01&domain="
},
{
"name": "Version",
"value": ""
},
{
"name": "Referrer",
"value": ""
},
{
"name": "Flags",
"value": "0x00000000"
}
],
"repeated": 0,
"id": 1671
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "6560",
"caller": "0x7ff97501c381",
"parentcaller": "0x7ff97501c951",
"category": "registry",
"api": "RegCreateKeyExW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Registry",
"value": "0x80000002",
"pretty_value": "HKEY_LOCAL_MACHINE"
},
{
"name": "SubKey",
"value": "SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Class",
"value": ""
},
{
"name": "Access",
"value": "0x00000001",
"pretty_value": "KEY_QUERY_VALUE"
},
{
"name": "Handle",
"value": "0x000003dc"
},
{
"name": "FullName",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
},
{
"name": "Disposition",
"value": "2",
"pretty_value": "REG_OPENED_EXISTING_KEY"
}
],
"repeated": 0,
"id": 1672
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "6560",
"caller": "0x7ff97501c9ab",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegQueryInfoKeyW",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "KeyHandle",
"value": "0x000003dc"
},
{
"name": "Class",
"value": ""
},
{
"name": "SubKeyCount",
"value": "0"
},
{
"name": "MaxSubKeyLength",
"value": "0"
},
{
"name": "MaxClassLength",
"value": "0"
},
{
"name": "ValueCount",
"value": "0"
},
{
"name": "MaxValueNameLength",
"value": "0"
},
{
"name": "MaxValueLength",
"value": "0"
}
],
"repeated": 0,
"id": 1673
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "6560",
"caller": "0x7ff97501c9f2",
"parentcaller": "0x7ff97501b729",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003dc"
}
],
"repeated": 0,
"id": 1674
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "6440",
"caller": "0x7ff97fcf3fba",
"parentcaller": "0x7ff97ea3f4a7",
"category": "process",
"api": "NtQueryInformationToken",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "TokenInformationClass",
"value": "29"
},
{
"name": "TokenInformation",
"value": "\\x00\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1675
},
{
"timestamp": "2026-03-05 09:10:34,775",
"thread_id": "6440",
"caller": "0x7ff97ea7d257",
"parentcaller": "0x7ff97ea7d1b6",
"category": "system",
"api": "GetSystemTimeAsFileTime",
"status": true,
"return": "0x00000000",
"arguments": [],
"repeated": 0,
"id": 1676
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff97d6d1ace",
"parentcaller": "0x7ff974fef7f6",
"category": "system",
"api": "NtWaitForSingleObject",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003dc"
},
{
"name": "Milliseconds",
"value": "18446744073709551615"
},
{
"name": "Status",
"value": "Infinite"
}
],
"repeated": 0,
"id": 1677
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000340"
}
],
"repeated": 0,
"id": 1678
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003c8"
}
],
"repeated": 0,
"id": 1679
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff9750300d1",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000394"
}
],
"repeated": 0,
"id": 1680
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000388"
}
],
"repeated": 0,
"id": 1681
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff975030c45",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003dc"
}
],
"repeated": 0,
"id": 1682
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003d8"
}
],
"repeated": 0,
"id": 1683
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff96b5b0342",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "WSASocketW",
"status": true,
"return": "0x000003d8",
"arguments": [
{
"name": "af",
"value": "2",
"pretty_value": "AF_INET"
},
{
"name": "type",
"value": "1",
"pretty_value": "SOCK_STREAM"
},
{
"name": "protocol",
"value": "6",
"pretty_value": "IPPROTO_TCP"
},
{
"name": "socket",
"value": "984"
}
],
"repeated": 0,
"id": 1684
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff96b5b03bb",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "984"
},
{
"name": "level",
"value": "0x7ff90000ffff"
},
{
"name": "optname",
"value": "0x00003007"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1685
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff96b5b0402",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "bind",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "984"
},
{
"name": "ip",
"value": "0.0.0.0"
},
{
"name": "port",
"value": "0"
}
],
"repeated": 0,
"id": 1686
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff96b5b0438",
"parentcaller": "0x7ff96b5ae997",
"category": "network",
"api": "setsockopt",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "984"
},
{
"name": "level",
"value": "0x7ff900000006"
},
{
"name": "optname",
"value": "0x00000001"
},
{
"name": "optval",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1687
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff97eb7df7a",
"parentcaller": "0x7ff96b5b0519",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003d8"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "41",
"pretty_value": "FileIoStatusBlockRangeInformation"
},
{
"name": "FileInformation",
"value": "\\x01\\x00\\x00\\x00"
}
],
"repeated": 0,
"id": 1688
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff97fd25e2d",
"parentcaller": "0x7ff97fd25d48",
"category": "filesystem",
"api": "NtSetInformationFile",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "FileHandle",
"value": "0x000003d8"
},
{
"name": "HandleName",
"value": "\\Device\\Afd"
},
{
"name": "FileInformationClass",
"value": "30",
"pretty_value": "FileCompletionInformation"
},
{
"name": "FileInformation",
"value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00(`\\xda\\xad\\x90\\x02\\x00\\x00"
}
],
"repeated": 0,
"id": 1689
},
{
"timestamp": "2026-03-05 09:10:34,791",
"thread_id": "6560",
"caller": "0x7ff96b5af4c7",
"parentcaller": "0x7ff96b5ae9f9",
"category": "network",
"api": "ConnectEx",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "socket",
"value": "984"
},
{
"name": "SendBuffer",
"value": ""
},
{
"name": "ip",
"value": "217.19.4.252"
},
{
"name": "port",
"value": "80"
}
],
"repeated": 0,
"id": 1690
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "2860",
"caller": "0x7ff9693c5320",
"parentcaller": "0x7ff96941f4f9",
"category": "network",
"api": "WinHttpSendRequest",
"status": false,
"return": "0x00000000",
"arguments": [
{
"name": "InternetHandle",
"value": "0x290addf7c10"
},
{
"name": "Headers",
"value": ""
},
{
"name": "Optional",
"value": ""
}
],
"repeated": 0,
"id": 1691
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290ade23000"
},
{
"name": "RegionSize",
"value": "0x00006000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1692
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addee000"
},
{
"name": "RegionSize",
"value": "0x00003000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1693
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addc6000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1694
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addf9000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1695
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "process",
"api": "NtFreeVirtualMemory",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "ProcessHandle",
"value": "0xffffffff"
},
{
"name": "BaseAddress",
"value": "0x290addaa000"
},
{
"name": "RegionSize",
"value": "0x00001000"
},
{
"name": "FreeType",
"value": "0x00004000"
}
],
"repeated": 0,
"id": 1696
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "2860",
"caller": "0x7ff9693c54c3",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000324"
}
],
"repeated": 0,
"id": 1697
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "2860",
"caller": "0x7ff9693c54e0",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "NtDelayExecution",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Milliseconds",
"value": "1000"
}
],
"repeated": 0,
"id": 1698
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "6440",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fcbc30d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000360"
}
],
"repeated": 0,
"id": 1699
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "6440",
"caller": "0x7ff97501c873",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000368"
}
],
"repeated": 0,
"id": 1700
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff97501c88d",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000384"
}
],
"repeated": 0,
"id": 1701
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "6440",
"caller": "0x7ff97501c8a6",
"parentcaller": "0x7ff97501c0fe",
"category": "registry",
"api": "RegCloseKey",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000033c"
}
],
"repeated": 0,
"id": 1702
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "6440",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974ff9e27",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x00000250"
}
],
"repeated": 0,
"id": 1703
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "6560",
"caller": "0x7ff97d6da405",
"parentcaller": "0x7ff974fd483f",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x000003cc"
}
],
"repeated": 0,
"id": 1704
},
{
"timestamp": "2026-03-05 09:10:36,932",
"thread_id": "6560",
"caller": "0x7ff97fcbc23a",
"parentcaller": "0x7ff97fd037da",
"category": "system",
"api": "NtClose",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Handle",
"value": "0x0000038c"
}
],
"repeated": 0,
"id": 1705
},
{
"timestamp": "2026-03-05 09:10:37,947",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "LdrLoadDll",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "Flags",
"value": "0x00000000"
},
{
"name": "FileName",
"value": "winhttp.dll"
},
{
"name": "BaseAddress",
"value": "0x7ff974fc0000"
}
],
"repeated": 0,
"id": 1706
},
{
"timestamp": "2026-03-05 09:10:37,947",
"thread_id": "2860",
"caller": "0x7ff9693c4980",
"parentcaller": "0x7ff96941f4f9",
"category": "system",
"api": "DllLoadNotification",
"status": true,
"return": "0x00000000",
"arguments": [
{
"name": "NotificationReason",
"value": "load"
},
{
"name": "DllName",
"value": "C:\\Windows\\system32\\OnDemandConnRouteHelper"
},
{
"name": "DllBase",
"value": "0x7ff964250000"
}
],
"repeated": 0,
"id": 1707
}
],
"threads": [
"160",
"6760",
"5224",
"5404",
"3416",
"2860",
"1944",
"6560",
"6440",
"2176",
"6448"
],
"environ": {
"UserName": "cape",
"ComputerName": "DESKTOP-PC01",
"WindowsPath": "C:\\Windows",
"TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
"CommandLine": "\"C:\\Windows\\sysnative\\rundll32.exe\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll\",#1",
"RegisteredOwner": "",
"RegisteredOrganization": "",
"ProductName": "",
"SystemVolumeSerialNumber": "7c6d-8d48",
"SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
"MachineGUID": "",
"MainExeBase": "0x7ff78b200000",
"MainExeSize": "0x00017000",
"Bitness": "64-bit",
"DllBase": "0x7ff9693c0000"
},
"file_activities": {
"read_files": [],
"write_files": [],
"delete_files": []
}
}
],
"anomaly": [],
"processtree": [
{
"name": "rundll32.exe",
"pid": 4596,
"parent_id": 2908,
"module_path": "C:\\Windows\\System32\\rundll32.exe",
"children": [],
"threads": [
"160",
"6760",
"5224",
"5404",
"3416",
"2860",
"1944",
"6560",
"6440",
"2176",
"6448"
],
"environ": {
"UserName": "cape",
"ComputerName": "DESKTOP-PC01",
"WindowsPath": "C:\\Windows",
"TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
"CommandLine": "\"C:\\Windows\\sysnative\\rundll32.exe\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll\",#1",
"RegisteredOwner": "",
"RegisteredOrganization": "",
"ProductName": "",
"SystemVolumeSerialNumber": "7c6d-8d48",
"SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
"MachineGUID": "",
"MainExeBase": "0x7ff78b200000",
"MainExeSize": "0x00017000",
"Bitness": "64-bit",
"DllBase": "0x7ff9693c0000"
}
}
],
"summary": {
"files": [
"C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll.manifest",
"C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll",
"C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll.123.Manifest",
"C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll.124.Manifest",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Windows\\System32\\C_1252.NLS",
"C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\mswsock.dll.mui",
"C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\wshqos.dll.mui"
],
"read_files": [],
"write_files": [],
"delete_files": [],
"keys": [
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Codepage",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1252",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
],
"read_keys": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1252",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
],
"write_keys": [],
"delete_keys": [],
"executed_commands": [],
"resolved_apis": [],
"mutexes": [
"Local\\SM0:4596:304:WilStaging_02"
],
"created_services": [],
"started_services": []
},
"enhanced": [
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:17,010",
"eid": 1,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
"content": null
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:17,010",
"eid": 2,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
"content": null
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:17,010",
"eid": 3,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
"content": null
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,150",
"eid": 4,
"data": {
"file": "api-ms-win-core-synch-l1-2-0",
"pathtofile": null,
"moduleaddress": "0x7ff97d6b0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,150",
"eid": 5,
"data": {
"file": "api-ms-win-core-fibers-l1-1-1",
"pathtofile": null,
"moduleaddress": "0x7ff97d6b0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,150",
"eid": 6,
"data": {
"file": "api-ms-win-core-synch-l1-2-0",
"pathtofile": null,
"moduleaddress": "0x7ff97d6b0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,150",
"eid": 7,
"data": {
"file": "api-ms-win-core-localization-l1-2-1",
"pathtofile": null,
"moduleaddress": "0x7ff97d6b0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,150",
"eid": 8,
"data": {
"file": "kernel32",
"pathtofile": null,
"moduleaddress": "0x7ff97eb60000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,869",
"eid": 9,
"data": {
"file": "C:\\Windows\\System32\\uxtheme.dll",
"pathtofile": null,
"moduleaddress": "0x7ff97adb0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,947",
"eid": 10,
"data": {
"file": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll",
"pathtofile": null,
"moduleaddress": "0x7ff9693c0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,963",
"eid": 11,
"data": {
"file": null,
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,963",
"eid": 12,
"data": {
"file": "C:\\Windows\\system32\\rundll32.exe",
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:17,979",
"eid": 13,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
"content": null
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:17,979",
"eid": 14,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
"content": null
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,979",
"eid": 15,
"data": {
"file": "ntdll.dll",
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,994",
"eid": 16,
"data": {
"file": "api-ms-win-appmodel-runtime-l1-1-2",
"pathtofile": null,
"moduleaddress": "0x7ff97b2e0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:17,994",
"eid": 17,
"data": {
"file": null,
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,057",
"eid": 18,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,072",
"eid": 19,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,072",
"eid": 20,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:18,072",
"eid": 21,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:18,072",
"eid": 22,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,088",
"eid": 23,
"data": {
"file": "C:\\Windows\\System32\\mswsock.dll",
"pathtofile": null,
"moduleaddress": "0x7ff97cac0000"
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:18,354",
"eid": 24,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
"content": "kernel32.dll"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,354",
"eid": 25,
"data": {
"file": "kernel32.dll",
"pathtofile": null,
"moduleaddress": "0x7ff97eb60000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,354",
"eid": 26,
"data": {
"file": null,
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:18,369",
"eid": 27,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1252",
"content": "c_1252.nls"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,400",
"eid": 28,
"data": {
"file": "C:\\Windows\\System32\\mswsock.dll",
"pathtofile": null,
"moduleaddress": "0x7ff97cac0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,400",
"eid": 29,
"data": {
"file": null,
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:18,400",
"eid": 30,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
"content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,400",
"eid": 31,
"data": {
"file": null,
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,400",
"eid": 32,
"data": {
"file": null,
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:18,400",
"eid": 33,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
"content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,400",
"eid": 34,
"data": {
"file": null,
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:18,400",
"eid": 35,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
"content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,400",
"eid": 36,
"data": {
"file": null,
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:18,400",
"eid": 37,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
"content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:18,416",
"eid": 38,
"data": {
"file": null,
"pathtofile": null,
"moduleaddress": null
}
},
{
"event": "read",
"object": "registry",
"timestamp": "2026-03-05 09:07:18,416",
"eid": 39,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
"content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:21,635",
"eid": 40,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:21,635",
"eid": 41,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:21,635",
"eid": 42,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:21,635",
"eid": 43,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:24,807",
"eid": 44,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:24,807",
"eid": 45,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:24,807",
"eid": 46,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:24,807",
"eid": 47,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:24,807",
"eid": 48,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:37,994",
"eid": 49,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:37,994",
"eid": 50,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:37,994",
"eid": 51,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:37,994",
"eid": 52,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:37,994",
"eid": 53,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:41,166",
"eid": 54,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:41,166",
"eid": 55,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:41,166",
"eid": 56,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:41,166",
"eid": 57,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:44,338",
"eid": 58,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:44,338",
"eid": 59,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:44,338",
"eid": 60,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:44,338",
"eid": 61,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:44,338",
"eid": 62,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:57,525",
"eid": 63,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:58,447",
"eid": 64,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:58,447",
"eid": 65,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:07:58,447",
"eid": 66,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:07:58,447",
"eid": 67,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:01,619",
"eid": 68,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:01,619",
"eid": 69,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:01,619",
"eid": 70,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:01,619",
"eid": 71,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:01,619",
"eid": 72,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:04,791",
"eid": 73,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:04,791",
"eid": 74,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:04,791",
"eid": 75,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:04,807",
"eid": 76,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:17,979",
"eid": 77,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:17,979",
"eid": 78,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:17,979",
"eid": 79,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:17,979",
"eid": 80,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:21,182",
"eid": 81,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:21,182",
"eid": 82,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:21,182",
"eid": 83,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:21,182",
"eid": 84,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:21,182",
"eid": 85,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:24,354",
"eid": 86,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:24,354",
"eid": 87,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:24,354",
"eid": 88,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:24,354",
"eid": 89,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:37,541",
"eid": 90,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:37,541",
"eid": 91,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:37,557",
"eid": 92,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:37,557",
"eid": 93,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:37,557",
"eid": 94,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:40,729",
"eid": 95,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:40,729",
"eid": 96,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:40,729",
"eid": 97,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:40,729",
"eid": 98,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:43,900",
"eid": 99,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:43,900",
"eid": 100,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:43,900",
"eid": 101,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:43,900",
"eid": 102,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:43,900",
"eid": 103,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:57,088",
"eid": 104,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:57,088",
"eid": 105,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:08:57,104",
"eid": 106,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:08:57,104",
"eid": 107,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:00,275",
"eid": 108,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:00,275",
"eid": 109,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:00,275",
"eid": 110,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:00,275",
"eid": 111,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:00,275",
"eid": 112,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:03,463",
"eid": 113,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:03,463",
"eid": 114,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:03,463",
"eid": 115,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:03,463",
"eid": 116,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:03,463",
"eid": 117,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:16,635",
"eid": 118,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:16,635",
"eid": 119,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:16,635",
"eid": 120,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:16,635",
"eid": 121,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:16,635",
"eid": 122,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:19,807",
"eid": 123,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:19,807",
"eid": 124,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:19,822",
"eid": 125,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:19,822",
"eid": 126,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:19,822",
"eid": 127,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:22,994",
"eid": 128,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:23,010",
"eid": 129,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:23,010",
"eid": 130,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:23,010",
"eid": 131,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:23,010",
"eid": 132,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:36,197",
"eid": 133,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:36,197",
"eid": 134,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:36,197",
"eid": 135,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:36,197",
"eid": 136,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:36,197",
"eid": 137,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:39,369",
"eid": 138,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:39,369",
"eid": 139,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:39,369",
"eid": 140,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:39,369",
"eid": 141,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:39,369",
"eid": 142,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:42,541",
"eid": 143,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:42,541",
"eid": 144,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:42,541",
"eid": 145,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:42,541",
"eid": 146,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:55,713",
"eid": 147,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:55,713",
"eid": 148,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:55,713",
"eid": 149,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:55,713",
"eid": 150,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:55,713",
"eid": 151,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:58,869",
"eid": 152,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:58,869",
"eid": 153,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:09:58,869",
"eid": 154,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:58,869",
"eid": 155,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:09:58,869",
"eid": 156,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:02,041",
"eid": 157,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:02,041",
"eid": 158,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:02,041",
"eid": 159,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:10:02,041",
"eid": 160,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:10:02,057",
"eid": 161,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:15,229",
"eid": 162,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:15,229",
"eid": 163,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:15,229",
"eid": 164,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:10:15,229",
"eid": 165,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:18,400",
"eid": 166,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:18,400",
"eid": 167,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:18,400",
"eid": 168,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:10:18,400",
"eid": 169,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:10:18,400",
"eid": 170,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:21,572",
"eid": 171,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:21,572",
"eid": 172,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:21,572",
"eid": 173,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:10:21,572",
"eid": 174,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:10:21,572",
"eid": 175,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:34,775",
"eid": 176,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:34,775",
"eid": 177,
"data": {
"file": "C:\\Windows\\System32\\OnDemandConnRouteHelper.dll",
"pathtofile": null,
"moduleaddress": "0x7ff964250000"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:34,775",
"eid": 178,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
},
{
"event": "write",
"object": "registry",
"timestamp": "2026-03-05 09:10:34,775",
"eid": 179,
"data": {
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload"
}
},
{
"event": "load",
"object": "library",
"timestamp": "2026-03-05 09:10:37,947",
"eid": 180,
"data": {
"file": "winhttp.dll",
"pathtofile": null,
"moduleaddress": "0x7ff974fc0000"
}
}
],
"encryptedbuffers": [],
"network_map": {
"endpoint_map": {},
"http_host_map": {},
"dns_intents": {},
"http_requests": [],
"winhttp_sessions": []
}
},
"debug": {
"log": "2026-03-05 02:28:18,418 [root] INFO: Date set to: 20260305T12:06:39, timeout set to: 200\n2026-03-05 12:06:39,119 [root] DEBUG: Starting analyzer from: C:\\nk6xk99a\n2026-03-05 12:06:39,134 [root] DEBUG: Storing results at: C:\\CNBZxSuxbk\n2026-03-05 12:06:39,134 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\YaQoJwDnKP\n2026-03-05 12:06:39,150 [root] DEBUG: Python path: C:\\Python310\n2026-03-05 12:06:39,150 [root] INFO: analysis running as an admin\n2026-03-05 12:06:39,150 [root] INFO: analysis package specified: \"dll\"\n2026-03-05 12:06:39,150 [root] DEBUG: importing analysis package module: \"modules.packages.dll\"...\n2026-03-05 12:06:39,150 [root] DEBUG: imported analysis package \"dll\"\n2026-03-05 12:06:39,150 [root] DEBUG: initializing analysis package \"dll\"...\n2026-03-05 12:06:39,150 [lib.common.common] INFO: wrapping\n2026-03-05 12:06:39,197 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-03-05 12:06:39,197 [root] DEBUG: New location of moved file: C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll\n2026-03-05 12:06:39,197 [root] INFO: Analyzer: Package modules.packages.dll does not specify a DLL option\n2026-03-05 12:06:39,197 [root] INFO: Analyzer: Package modules.packages.dll does not specify a DLL_64 option\n2026-03-05 12:06:39,197 [root] INFO: Analyzer: Package modules.packages.dll does not specify a loader option\n2026-03-05 12:06:39,197 [root] INFO: Analyzer: Package modules.packages.dll does not specify a loader_64 option\n2026-03-05 12:06:39,260 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-03-05 12:06:39,353 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-03-05 12:06:39,510 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-03-05 12:06:39,682 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.human\"\n2026-03-05 12:06:40,134 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'\n2026-03-05 12:06:40,244 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'\n2026-03-05 12:06:40,291 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'\n2026-03-05 12:06:40,557 [lib.api.screenshot] INFO: Please upgrade Pillow to >= 5.4.1 for best performance\n2026-03-05 12:06:40,619 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.screenshots\"\n2026-03-05 12:06:40,635 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-03-05 12:06:40,650 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-03-05 12:06:40,713 [root] DEBUG: attempting to configure 'Browser' from data\n2026-03-05 12:06:40,853 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-03-05 12:06:40,853 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-03-05 12:06:40,853 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-03-05 12:06:40,853 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-03-05 12:06:40,853 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-03-05 12:06:40,853 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-03-05 12:06:40,869 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-03-05 12:06:40,869 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature\n2026-03-05 12:06:41,556 [modules.auxiliary.digisig] DEBUG: File is not signed\n2026-03-05 12:06:41,572 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json\n2026-03-05 12:06:41,619 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-03-05 12:06:41,619 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-03-05 12:06:41,619 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-03-05 12:06:41,619 [root] DEBUG: module Disguise does not support data configuration, ignoring\n2026-03-05 12:06:41,619 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.disguise\"...\n2026-03-05 12:06:41,619 [modules.auxiliary.disguise] INFO: Disguising GUID to 44557234-068c-4192-843c-c7efad0ffaff\n2026-03-05 12:06:41,635 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-03-05 12:06:41,635 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-03-05 12:06:41,635 [root] DEBUG: attempting to configure 'Human' from data\n2026-03-05 12:06:41,635 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-03-05 12:06:41,635 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-03-05 12:06:41,650 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-03-05 12:06:41,650 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-03-05 12:06:41,650 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-03-05 12:06:41,650 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-03-05 12:06:41,650 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-03-05 12:06:41,681 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-03-05 12:06:41,681 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-03-05 12:06:41,697 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-03-05 12:06:41,697 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-03-05 12:06:41,697 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-03-05 12:06:41,713 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 656\n2026-03-05 12:06:41,744 [lib.api.process] INFO: Monitor config for : C:\\nk6xk99a\\dll\\656.ini\n2026-03-05 12:06:41,791 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor\n2026-03-05 12:06:42,010 [lib.api.process] INFO: 64-bit DLL to inject is C:\\nk6xk99a\\dll\\kIbmqzp.dll, loader C:\\nk6xk99a\\bin\\mRtDbfjg.exe\n2026-03-05 12:06:42,119 [root] DEBUG: Loader: Injecting process 656 with C:\\nk6xk99a\\dll\\kIbmqzp.dll.\n2026-03-05 12:06:42,213 [root] DEBUG: 656: Python path set to 'C:\\Python310'.\n2026-03-05 12:06:42,228 [root] DEBUG: 656: Disabling sleep skipping.\n2026-03-05 12:06:42,228 [root] DEBUG: 656: TLS secret dump mode enabled.\n2026-03-05 12:06:42,416 [root] DEBUG: 656: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 12:06:42,416 [root] DEBUG: 656: Monitor initialised: 64-bit capemon loaded in process 656 at 0x00007FF95C960000, thread 6864, image base 0x00007FF794EB0000, stack from 0x000000A277A72000-0x000000A277A80000\n2026-03-05 12:06:42,416 [root] DEBUG: 656: Commandline: C:\\Windows\\system32\\lsass.exe\n2026-03-05 12:06:42,463 [root] DEBUG: 656: Hooked 5 out of 5 functions\n2026-03-05 12:06:42,478 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-03-05 12:06:42,478 [root] DEBUG: Successfully injected DLL C:\\nk6xk99a\\dll\\kIbmqzp.dll.\n2026-03-05 12:06:42,494 [lib.api.process] INFO: Injected into 64-bit \n2026-03-05 12:06:42,494 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-03-05 12:06:42,978 [root] DEBUG: 656: TLS 1.2 secrets logged to: C:\\CNBZxSuxbk\\tlsdump\\tlsdump.log\n2026-03-05 12:07:13,291 [root] INFO: Restarting WMI Service\n2026-03-05 12:07:13,588 [root] DEBUG: package modules.packages.dll does not support configure, ignoring\n2026-03-05 12:07:13,588 [root] WARNING: configuration error for package modules.packages.dll: error importing data.packages.dll: No module named 'data.packages'\n2026-03-05 12:07:13,588 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-03-05 12:07:13,869 [lib.api.process] INFO: Successfully executed process from path \"C:\\Windows\\sysnative\\rundll32.exe\" with arguments \"\"C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll\",#1\" with pid 4596\n2026-03-05 12:07:13,869 [lib.api.process] INFO: Monitor config for : C:\\nk6xk99a\\dll\\4596.ini\n2026-03-05 12:07:13,885 [lib.api.process] INFO: 64-bit DLL to inject is C:\\nk6xk99a\\dll\\kIbmqzp.dll, loader C:\\nk6xk99a\\bin\\mRtDbfjg.exe\n2026-03-05 12:07:13,947 [root] DEBUG: Loader: Injecting process 4596 (thread 160) with C:\\nk6xk99a\\dll\\kIbmqzp.dll.\n2026-03-05 12:07:13,947 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 12:07:13,947 [root] DEBUG: Successfully injected DLL C:\\nk6xk99a\\dll\\kIbmqzp.dll.\n2026-03-05 12:07:13,966 [lib.api.process] INFO: Injected into 64-bit \n2026-03-05 12:07:15,994 [lib.api.process] INFO: Successfully resumed \n2026-03-05 12:07:16,010 [root] DEBUG: 4596: Python path set to 'C:\\Python310'.\n2026-03-05 12:07:16,104 [root] DEBUG: 4596: Disabling sleep skipping.\n2026-03-05 12:07:16,104 [root] DEBUG: 4596: Dropped file limit defaulting to 100.\n2026-03-05 12:07:16,385 [root] DEBUG: 4596: YaraInit: Compiled 44 rule files\n2026-03-05 12:07:16,400 [root] DEBUG: 4596: YaraInit: Compiled rules saved to file C:\\nk6xk99a\\data\\yara\\capemon.yac\n2026-03-05 12:07:16,447 [root] DEBUG: 4596: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 12:07:16,447 [root] DEBUG: 4596: YaraScan: Scanning 0x00007FF78B200000, size 0x16100\n2026-03-05 12:07:16,447 [root] DEBUG: 4596: Monitor initialised: 64-bit capemon loaded in process 4596 at 0x00007FF95C960000, thread 160, image base 0x00007FF78B200000, stack from 0x000000C3E2141000-0x000000C3E2150000\n2026-03-05 12:07:16,463 [root] DEBUG: 4596: Commandline: \"C:\\Windows\\sysnative\\rundll32.exe\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177.dll\",#1\n2026-03-05 12:07:16,494 [root] DEBUG: 4596: hook_api: LdrpCallInitRoutine export address 0x00007FF97FCC99BC obtained via GetFunctionAddress\n2026-03-05 12:07:16,697 [root] WARNING: b'Unable to place hook on LockResource'\n2026-03-05 12:07:16,744 [root] DEBUG: 4596: set_hooks: Unable to hook LockResource\n2026-03-05 12:07:16,806 [root] DEBUG: 4596: Hooked 627 out of 628 functions\n2026-03-05 12:07:16,838 [root] DEBUG: 4596: Syscall hook installed, syscall logging level 1\n2026-03-05 12:07:16,885 [root] DEBUG: 4596: RestoreHeaders: Restored original import table.\n2026-03-05 12:07:16,931 [root] INFO: Loaded monitor into process with pid 4596\n2026-03-05 12:07:16,963 [root] DEBUG: 4596: caller_dispatch: Added region at 0x00007FF78B200000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF78B206D01, thread 160).\n2026-03-05 12:07:16,963 [root] DEBUG: 4596: YaraScan: Scanning 0x00007FF78B200000, size 0x16100\n2026-03-05 12:07:16,994 [root] DEBUG: 4596: ProcessImageBase: Main module image at 0x00007FF78B200000 unmodified (entropy change 0.000000e+00)\n2026-03-05 12:07:17,041 [root] DEBUG: 4596: DLL loaded at 0x00007FF974FC0000: C:\\Windows\\SYSTEM32\\WINHTTP (0x10a000 bytes).\n2026-03-05 12:07:17,072 [root] DEBUG: 4596: Target DLL loaded at 0x00007FF9693C0000: C:\\Users\\cape\\AppData\\Local\\Temp\\sample_from_94fc2177 (0xa8000 bytes).\n2026-03-05 12:07:17,088 [root] DEBUG: 4596: YaraScan: Scanning 0x00007FF9693C0000, size 0xa7f2e\n2026-03-05 12:07:17,150 [root] DEBUG: 4596: caller_dispatch: Added region at 0x00007FF9693C0000 to tracked regions list (ntdll::LdrLoadDll returns to 0x00007FF969438FC7, thread 160).\n2026-03-05 12:07:17,150 [root] DEBUG: 4596: caller_dispatch: Scanning calling region at 0x00007FF9693C0000...\n2026-03-05 12:07:17,775 [root] DEBUG: 4596: set_hooks_by_export_directory: Hooked 0 out of 628 functions\n2026-03-05 12:07:17,775 [root] DEBUG: 4596: DLL loaded at 0x00007FF97B2E0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-03-05 12:07:17,791 [root] DEBUG: 4596: DLL loaded at 0x00007FF97DC80000: C:\\Windows\\System32\\bcryptPrimitives (0x82000 bytes).\n2026-03-05 12:07:17,869 [root] DEBUG: 4596: DLL loaded at 0x00007FF97ADB0000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-03-05 12:07:17,978 [root] DEBUG: 4596: DLL loaded at 0x00007FF97EC20000: C:\\Windows\\System32\\MSCTF (0x115000 bytes).\n2026-03-05 12:07:18,072 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:07:18,072 [root] DEBUG: 4596: DLL loaded at 0x00007FF96B590000: C:\\Windows\\SYSTEM32\\webio (0x98000 bytes).\n2026-03-05 12:07:18,088 [root] DEBUG: 4596: DLL loaded at 0x00007FF97CAC0000: C:\\Windows\\system32\\mswsock (0x6a000 bytes).\n2026-03-05 12:07:18,103 [root] DEBUG: 4596: DLL loaded at 0x00007FF97C7B0000: C:\\Windows\\SYSTEM32\\IPHLPAPI (0x3b000 bytes).\n2026-03-05 12:07:18,213 [root] DEBUG: 4596: DLL loaded at 0x00007FF97F3D0000: C:\\Windows\\System32\\NSI (0x8000 bytes).\n2026-03-05 12:07:18,213 [root] DEBUG: 4596: DLL loaded at 0x00007FF976120000: C:\\Windows\\SYSTEM32\\WINNSI (0xb000 bytes).\n2026-03-05 12:07:21,635 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:07:24,807 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:07:37,994 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:07:41,166 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:07:44,338 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:07:58,447 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:08:01,619 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:08:04,791 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:08:17,978 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:08:21,182 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:08:24,353 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:08:37,541 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:08:40,729 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:08:43,900 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:08:57,088 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:09:00,275 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:09:03,463 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:09:16,635 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:09:19,806 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:09:22,994 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:09:36,197 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:09:39,369 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:09:42,541 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:09:55,713 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:09:58,869 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:10:02,041 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:10:15,229 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:10:18,400 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:10:21,572 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:10:34,775 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:10:36,572 [root] INFO: Analysis timeout hit, terminating analysis\n2026-03-05 12:10:36,572 [lib.api.process] INFO: Terminate event set for \n2026-03-05 12:10:36,572 [root] DEBUG: 4596: Terminate Event: Attempting to dump process 4596\n2026-03-05 12:10:36,572 [root] DEBUG: 4596: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 12:10:36,588 [lib.api.process] INFO: Termination confirmed for \n2026-03-05 12:10:36,588 [root] INFO: Terminate event set for process 4596\n2026-03-05 12:10:36,588 [root] INFO: Created shutdown mutex\n2026-03-05 12:10:36,588 [root] DEBUG: 4596: Terminate Event: monitor shutdown complete for process 4596\n2026-03-05 12:10:37,604 [root] INFO: Shutting down package\n2026-03-05 12:10:37,604 [root] INFO: Stopping auxiliary modules\n2026-03-05 12:10:37,619 [root] INFO: Stopping auxiliary module: Browser\n2026-03-05 12:10:37,619 [root] INFO: Stopping auxiliary module: Human\n2026-03-05 12:10:37,947 [root] DEBUG: 4596: DLL loaded at 0x00007FF964250000: C:\\Windows\\system32\\OnDemandConnRouteHelper (0x17000 bytes).\n2026-03-05 12:10:38,416 [root] INFO: Stopping auxiliary module: Screenshots\n2026-03-05 12:10:38,744 [root] INFO: Finishing auxiliary modules\n2026-03-05 12:10:38,744 [root] INFO: Shutting down pipe server and dumping dropped files\n2026-03-05 12:10:38,760 [root] WARNING: Folder at path \"C:\\CNBZxSuxbk\\debugger\" does not exist, skipping\n2026-03-05 12:10:38,760 [root] INFO: Uploading files at path \"C:\\CNBZxSuxbk\\tlsdump\"\n2026-03-05 12:10:38,760 [lib.common.results] INFO: Uploading file C:\\CNBZxSuxbk\\tlsdump\\tlsdump.log to tlsdump\\tlsdump.log; Size is 12056; Max size: 100000000\n2026-03-05 12:10:38,775 [root] INFO: Analysis completed\n",
"errors": []
},
"network": {
"pcap_sha256": "90e5f76093563b2dac6a8a72b8c3f971d7c8b78f7a22f0229ccbeb1f013e429d",
"hosts": [
{
"ip": "72.154.7.102",
"country_name": "unknown",
"asn": "",
"asn_name": "",
"hostname": "",
"inaddrarpa": "",
"ports": [
443
]
},
{
"ip": "72.154.7.97",
"country_name": "unknown",
"asn": "",
"asn_name": "",
"hostname": "",
"inaddrarpa": "",
"ports": [
443
]
},
{
"ip": "62.115.252.17",
"country_name": "unknown",
"asn": "",
"asn_name": "",
"hostname": "",
"inaddrarpa": "",
"ports": [
443
]
},
{
"ip": "217.19.4.252",
"country_name": "unknown",
"asn": "",
"asn_name": "",
"hostname": "",
"inaddrarpa": "",
"ports": [
80
]
},
{
"ip": "135.232.92.97",
"country_name": "unknown",
"asn": "",
"asn_name": "",
"hostname": "",
"inaddrarpa": "",
"ports": [
443
]
},
{
"ip": "72.154.7.109",
"country_name": "unknown",
"asn": "",
"asn_name": "",
"hostname": "",
"inaddrarpa": "",
"ports": [
443
]
},
{
"ip": "72.154.7.16",
"country_name": "unknown",
"asn": "",
"asn_name": "",
"hostname": "",
"inaddrarpa": "",
"ports": [
443
]
},
{
"ip": "4.207.247.138",
"country_name": "unknown",
"asn": "",
"asn_name": "",
"hostname": "",
"inaddrarpa": "",
"ports": [
443
]
},
{
"ip": "176.99.136.153",
"country_name": "unknown",
"asn": "",
"asn_name": "",
"hostname": "",
"inaddrarpa": "",
"ports": [
80
]
}
],
"domains": [],
"tcp": [
{
"src": "192.168.1.100",
"sport": 50625,
"dst": "176.99.136.153",
"dport": 80,
"offset": 1921,
"time": 3.8847429752349854
},
{
"src": "192.168.1.100",
"sport": 50615,
"dst": "176.99.136.153",
"dport": 80,
"offset": 2532,
"time": 3.9652209281921387
},
{
"src": "192.168.1.100",
"sport": 50629,
"dst": "109.61.38.38",
"dport": 80,
"offset": 12957,
"time": 15.1193368434906
},
{
"src": "192.168.1.100",
"sport": 49739,
"dst": "4.207.247.138",
"dport": 443,
"offset": 14558,
"time": 20.271199941635132
},
{
"src": "192.168.1.100",
"sport": 50631,
"dst": "52.123.129.14",
"dport": 443,
"offset": 25196,
"time": 20.756032943725586
},
{
"src": "192.168.1.100",
"sport": 50634,
"dst": "176.99.136.153",
"dport": 80,
"offset": 52439,
"time": 22.115054845809937
},
{
"src": "192.168.1.100",
"sport": 50636,
"dst": "72.145.35.144",
"dport": 443,
"offset": 799279,
"time": 22.38578200340271
},
{
"src": "192.168.1.100",
"sport": 50637,
"dst": "72.154.7.16",
"dport": 443,
"offset": 1056942,
"time": 22.696332931518555
},
{
"src": "192.168.1.100",
"sport": 50640,
"dst": "176.99.136.153",
"dport": 80,
"offset": 1059443,
"time": 22.754443883895874
},
{
"src": "192.168.1.100",
"sport": 50639,
"dst": "72.154.7.109",
"dport": 443,
"offset": 1060118,
"time": 22.788880825042725
},
{
"src": "192.168.1.100",
"sport": 50644,
"dst": "20.190.181.4",
"dport": 443,
"offset": 1084011,
"time": 24.322285890579224
},
{
"src": "192.168.1.100",
"sport": 50647,
"dst": "135.232.92.97",
"dport": 443,
"offset": 1151667,
"time": 25.433873891830444
},
{
"src": "192.168.1.100",
"sport": 50649,
"dst": "2.23.89.205",
"dport": 443,
"offset": 1175204,
"time": 31.077725887298584
},
{
"src": "192.168.1.100",
"sport": 50650,
"dst": "176.99.136.153",
"dport": 80,
"offset": 1188007,
"time": 46.551180839538574
},
{
"src": "192.168.1.100",
"sport": 50651,
"dst": "176.99.136.153",
"dport": 80,
"offset": 1189831,
"time": 46.61828398704529
},
{
"src": "192.168.1.100",
"sport": 50653,
"dst": "52.167.249.196",
"dport": 443,
"offset": 1197533,
"time": 47.73552989959717
},
{
"src": "192.168.1.100",
"sport": 50656,
"dst": "52.167.249.196",
"dport": 443,
"offset": 1228313,
"time": 48.4570209980011
},
{
"src": "192.168.1.100",
"sport": 50658,
"dst": "104.208.16.92",
"dport": 443,
"offset": 1256932,
"time": 49.250234842300415
},
{
"src": "192.168.1.100",
"sport": 50664,
"dst": "104.208.16.92",
"dport": 443,
"offset": 2414432,
"time": 55.33721590042114
},
{
"src": "192.168.1.100",
"sport": 50672,
"dst": "176.99.136.153",
"dport": 80,
"offset": 2431200,
"time": 62.06757998466492
},
{
"src": "192.168.1.100",
"sport": 50677,
"dst": "52.168.112.66",
"dport": 443,
"offset": 3644442,
"time": 72.21844696998596
},
{
"src": "192.168.1.100",
"sport": 50679,
"dst": "176.99.136.153",
"dport": 80,
"offset": 3666045,
"time": 76.42594599723816
},
{
"src": "192.168.1.100",
"sport": 50680,
"dst": "176.99.136.153",
"dport": 80,
"offset": 3666738,
"time": 76.43716096878052
},
{
"src": "192.168.1.100",
"sport": 50684,
"dst": "2.23.89.205",
"dport": 443,
"offset": 28485947,
"time": 79.97664785385132
},
{
"src": "192.168.1.100",
"sport": 50685,
"dst": "176.99.136.153",
"dport": 80,
"offset": 28496837,
"time": 80.19152188301086
},
{
"src": "192.168.1.100",
"sport": 50686,
"dst": "176.99.136.153",
"dport": 80,
"offset": 28515186,
"time": 80.2929458618164
},
{
"src": "192.168.1.100",
"sport": 50690,
"dst": "199.232.210.172",
"dport": 80,
"offset": 37533625,
"time": 85.10877585411072
},
{
"src": "192.168.1.100",
"sport": 50694,
"dst": "20.199.58.43",
"dport": 443,
"offset": 37538676,
"time": 88.03259301185608
},
{
"src": "192.168.1.100",
"sport": 50696,
"dst": "20.199.58.43",
"dport": 443,
"offset": 37539208,
"time": 88.0330159664154
},
{
"src": "62.115.252.17",
"sport": 443,
"dst": "192.168.1.100",
"dport": 50668,
"offset": 37581528,
"time": 96.3594319820404
},
{
"src": "192.168.1.100",
"sport": 50697,
"dst": "72.154.7.97",
"dport": 443,
"offset": 37582073,
"time": 97.16875505447388
},
{
"src": "192.168.1.100",
"sport": 50701,
"dst": "176.99.136.153",
"dport": 80,
"offset": 37599693,
"time": 101.62990999221802
},
{
"src": "192.168.1.100",
"sport": 50707,
"dst": "2.23.90.38",
"dport": 443,
"offset": 37616143,
"time": 111.72064089775085
},
{
"src": "192.168.1.100",
"sport": 50709,
"dst": "176.99.136.153",
"dport": 80,
"offset": 37633324,
"time": 112.07192492485046
},
{
"src": "192.168.1.100",
"sport": 50710,
"dst": "176.99.136.153",
"dport": 80,
"offset": 37635437,
"time": 112.1815619468689
},
{
"src": "192.168.1.100",
"sport": 50712,
"dst": "176.99.136.153",
"dport": 80,
"offset": 38154481,
"time": 112.58729100227356
},
{
"src": "192.168.1.100",
"sport": 50713,
"dst": "176.99.136.153",
"dport": 80,
"offset": 38156574,
"time": 112.69493985176086
},
{
"src": "192.168.1.100",
"sport": 50715,
"dst": "176.99.136.153",
"dport": 80,
"offset": 39034789,
"time": 118.1528148651123
},
{
"src": "192.168.1.100",
"sport": 50716,
"dst": "176.99.136.153",
"dport": 80,
"offset": 39041402,
"time": 118.49753499031067
},
{
"src": "192.168.1.100",
"sport": 50722,
"dst": "176.99.136.153",
"dport": 80,
"offset": 39057388,
"time": 122.98198890686035
},
{
"src": "192.168.1.100",
"sport": 50724,
"dst": "20.42.73.26",
"dport": 443,
"offset": 39061714,
"time": 124.26003885269165
},
{
"src": "192.168.1.100",
"sport": 50729,
"dst": "52.182.143.211",
"dport": 443,
"offset": 39083956,
"time": 137.0742039680481
},
{
"src": "192.168.1.100",
"sport": 50743,
"dst": "72.154.7.102",
"dport": 443,
"offset": 39108841,
"time": 174.47033405303955
},
{
"src": "192.168.1.100",
"sport": 50747,
"dst": "52.167.249.196",
"dport": 443,
"offset": 39138446,
"time": 180.1377968788147
},
{
"src": "192.168.1.100",
"sport": 50772,
"dst": "72.154.7.107",
"dport": 443,
"offset": 39163365,
"time": 247.04924988746643
}
],
"udp": [
{
"src": "192.168.1.100",
"sport": 55320,
"dst": "8.8.4.4",
"dport": 53,
"offset": 134,
"time": 0.027824878692626953
},
{
"src": "192.168.1.100",
"sport": 49510,
"dst": "8.8.8.8",
"dport": 53,
"offset": 14894,
"time": 20.59058904647827
},
{
"src": "192.168.1.100",
"sport": 63196,
"dst": "8.8.4.4",
"dport": 53,
"offset": 15365,
"time": 20.619813919067383
},
{
"src": "192.168.1.100",
"sport": 59798,
"dst": "8.8.4.4",
"dport": 53,
"offset": 38354,
"time": 21.44938087463379
},
{
"src": "192.168.1.100",
"sport": 58000,
"dst": "8.8.4.4",
"dport": 53,
"offset": 50847,
"time": 22.06169295310974
},
{
"src": "192.168.1.100",
"sport": 65143,
"dst": "8.8.8.8",
"dport": 53,
"offset": 290099,
"time": 22.31126594543457
},
{
"src": "192.168.1.100",
"sport": 52313,
"dst": "8.8.8.8",
"dport": 53,
"offset": 1078512,
"time": 24.089545011520386
},
{
"src": "192.168.1.100",
"sport": 59855,
"dst": "8.8.4.4",
"dport": 53,
"offset": 1150047,
"time": 25.245615005493164
},
{
"src": "192.168.1.100",
"sport": 53236,
"dst": "8.8.8.8",
"dport": 53,
"offset": 1186868,
"time": 46.47212791442871
},
{
"src": "192.168.1.100",
"sport": 55297,
"dst": "8.8.8.8",
"dport": 53,
"offset": 1191766,
"time": 47.572864055633545
},
{
"src": "192.168.1.100",
"sport": 52219,
"dst": "8.8.8.8",
"dport": 53,
"offset": 1228599,
"time": 48.4953498840332
},
{
"src": "192.168.1.100",
"sport": 62547,
"dst": "8.8.8.8",
"dport": 53,
"offset": 1256443,
"time": 49.192253828048706
},
{
"src": "192.168.1.100",
"sport": 62673,
"dst": "8.8.8.8",
"dport": 53,
"offset": 3643861,
"time": 72.07879590988159
},
{
"src": "192.168.1.100",
"sport": 52194,
"dst": "8.8.8.8",
"dport": 53,
"offset": 28485380,
"time": 79.93235182762146
},
{
"src": "192.168.1.100",
"sport": 59620,
"dst": "8.8.4.4",
"dport": 53,
"offset": 37529582,
"time": 82.72493100166321
},
{
"src": "192.168.1.100",
"sport": 62311,
"dst": "8.8.8.8",
"dport": 53,
"offset": 37587924,
"time": 99.8517758846283
},
{
"src": "192.168.1.100",
"sport": 50643,
"dst": "8.8.4.4",
"dport": 53,
"offset": 37598439,
"time": 101.58233404159546
},
{
"src": "192.168.1.100",
"sport": 138,
"dst": "192.168.1.255",
"dport": 138,
"offset": 37602721,
"time": 107.46915602684021
},
{
"src": "192.168.1.100",
"sport": 63156,
"dst": "8.8.4.4",
"dport": 53,
"offset": 37603885,
"time": 111.37906193733215
},
{
"src": "192.168.1.100",
"sport": 59862,
"dst": "8.8.8.8",
"dport": 53,
"offset": 37616432,
"time": 111.72274899482727
},
{
"src": "192.168.1.100",
"sport": 60051,
"dst": "8.8.8.8",
"dport": 53,
"offset": 39034058,
"time": 118.07571697235107
},
{
"src": "192.168.1.100",
"sport": 58277,
"dst": "8.8.8.8",
"dport": 53,
"offset": 39040296,
"time": 118.38854694366455
},
{
"src": "192.168.1.100",
"sport": 57138,
"dst": "8.8.8.8",
"dport": 53,
"offset": 39055628,
"time": 122.92307496070862
},
{
"src": "192.168.1.100",
"sport": 57138,
"dst": "8.8.4.4",
"dport": 53,
"offset": 39056198,
"time": 122.94205093383789
},
{
"src": "192.168.1.100",
"sport": 50509,
"dst": "8.8.8.8",
"dport": 53,
"offset": 39073069,
"time": 133.8704309463501
},
{
"src": "192.168.1.100",
"sport": 57454,
"dst": "8.8.8.8",
"dport": 53,
"offset": 39095941,
"time": 148.1092448234558
},
{
"src": "192.168.1.100",
"sport": 53796,
"dst": "8.8.8.8",
"dport": 53,
"offset": 39137715,
"time": 179.99117398262024
}
],
"icmp": [
{
"src": "192.168.1.100",
"dst": "8.8.4.4",
"type": 3,
"data": ""
},
{
"src": "192.168.1.100",
"dst": "8.8.4.4",
"type": 3,
"data": ""
},
{
"src": "192.168.1.100",
"dst": "8.8.4.4",
"type": 3,
"data": ""
},
{
"src": "192.168.1.100",
"dst": "8.8.4.4",
"type": 3,
"data": ""
},
{
"src": "192.168.1.100",
"dst": "8.8.4.4",
"type": 3,
"data": ""
}
],
"http": [
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=288358400-289406975\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.2.1.126\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712402.950973
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=289406976-290455551\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.2.1.127\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712403.031451
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.1.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712421.181285
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=25165824-26079085\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.1.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712421.218732
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.4.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712421.820674
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712445.617411
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.2.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712445.684514
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=17825792-18874367\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.2.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712448.911132
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712461.13381
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=8388608-9437183\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712467.649995
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=288358400-289406975\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712475.492176
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=289406976-290455551\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.3\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712475.503391
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=290455552-291504127\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.4\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712475.833447
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=291504128-292552703\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.5\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712475.862173
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=292552704-293601279\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.6\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712476.06626
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=293601280-294649855\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.7\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712476.088272
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=294649856-295698431\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.8\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712476.277218
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=295698432-296747007\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.9\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712476.306089
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=296747008-297795583\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.10\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712476.476539
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=297795584-298844159\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.11\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712476.530456
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=298844160-299892735\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.12\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712476.658503
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=299892736-300941311\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.13\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712476.767476
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=300941312-301989887\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.14\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712476.858438
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=301989888-303038463\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.15\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712477.016018
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=303038464-304087039\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.16\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712477.047887
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=304087040-305135615\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.17\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712477.238311
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=305135616-306184191\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.18\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712477.248978
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=306184192-307232767\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.19\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712477.501912
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=307232768-308281343\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.20\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712477.511497
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=308281344-309329919\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.21\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712477.730155
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=309329920-310378495\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.22\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712477.73903
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=310378496-311427071\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.23\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712477.960798
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712479.257752
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=9437184-10485759\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712479.303916
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=10485760-11534335\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.3\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712479.359176
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=11534336-12582911\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.4\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712479.686618
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=12582912-13631487\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.5\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712479.727635
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=13631488-14680063\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.6\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712479.872537
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=14680064-15728639\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.7\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712480.011532
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=15728640-16777215\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.8\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712480.054362
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=16777216-17825791\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.9\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712480.255763
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.6.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712500.69614
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: 9KW1sI7RHECpEaPI.1.3.1.0.0.14.2.3.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712511.138155
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: 9KW1sI7RHECpEaPI.1.3.1.0.0.14.2.6.1.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712511.247792
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=6291456-6757464\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: 9KW1sI7RHECpEaPI.1.3.1.0.0.14.2.6.1.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712511.28741
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: 9KW1sI7RHECpEaPI.1.3.1.0.0.18.2.3.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712511.653521
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: 9KW1sI7RHECpEaPI.1.3.1.0.0.18.2.6.1.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712511.76117
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=5242880-6050793\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: 9KW1sI7RHECpEaPI.1.3.1.0.0.18.2.6.1.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712511.806438
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.20.3.1.0.0.18.2.7.5.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712517.219045
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.20.3.1.0.0.24.2.7.5.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712517.563765
},
{
"count": 1,
"host": "176.99.136.153",
"port": 80,
"data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.7.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
"uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"body": "",
"path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"user-agent": "Microsoft-Delivery-Optimization/10.0",
"version": "1.1",
"method": "GET",
"first_seen": 1772712522.048219
}
],
"dns": [],
"smtp": [],
"irc": [],
"dead_hosts": [
[
"217.19.4.252",
80
],
[
"192.168.1.100",
50673
],
[
"192.168.1.100",
50675
],
[
"192.168.1.100",
50682
],
[
"192.168.1.100",
50687
],
[
"192.168.1.100",
50691
],
[
"192.168.1.100",
50698
],
[
"192.168.1.100",
50702
],
[
"192.168.1.100",
50704
],
[
"192.168.1.100",
50718
],
[
"192.168.1.100",
50720
],
[
"192.168.1.100",
50726
],
[
"192.168.1.100",
50730
],
[
"192.168.1.100",
50732
],
[
"192.168.1.100",
50734
],
[
"192.168.1.100",
50737
],
[
"192.168.1.100",
50739
],
[
"192.168.1.100",
50741
],
[
"192.168.1.100",
50744
],
[
"192.168.1.100",
50748
],
[
"192.168.1.100",
50750
],
[
"192.168.1.100",
50753
],
[
"192.168.1.100",
50755
],
[
"192.168.1.100",
50758
],
[
"192.168.1.100",
50760
],
[
"192.168.1.100",
50762
],
[
"192.168.1.100",
50764
],
[
"192.168.1.100",
50766
],
[
"192.168.1.100",
50768
],
[
"192.168.1.100",
50770
],
[
"192.168.1.100",
50773
]
]
},
"suricata": {
"alerts": [],
"tls": [],
"perf": [],
"files": [],
"http": [
{
"srcport": 50634,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:01.218732+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50634,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:01.503646+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 913262,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50640,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:01.904416+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50650,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:25.699508+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50651,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:25.777596+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50651,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:29.308675+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50672,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:41.214102+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50672,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:47.935627+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:55.833447+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50679,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:55.862173+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:56.039107+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50679,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:56.088272+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:56.277218+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50679,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:56.306089+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:56.476539+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50679,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:56.507439+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:56.658503+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50679,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:56.767476+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:56.858438+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50679,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:57.016018+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:57.047887+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50679,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:57.238311+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:57.248978+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:57.491392+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50679,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:57.500074+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50679,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:57.718303+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:57.739030+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:57.960798+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50679,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:58.025199+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50680,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:58.197253+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50685,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:59.303916+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50686,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:59.686618+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50685,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:59.727635+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50686,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:59.851531+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50685,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:07:59.996867+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50686,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:00.054362+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50686,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:00.255763+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50685,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:00.321834+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50686,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:00.462597+0000",
"uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 1048576,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50701,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:20.789440+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50709,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:31.225755+0000",
"uri": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
"length": 481,
"hostname": "176.99.136.153",
"status": 200,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50710,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:31.287410+0000",
"uri": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50710,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:31.508882+0000",
"uri": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 466009,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50712,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:31.741312+0000",
"uri": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
"length": 434,
"hostname": "176.99.136.153",
"status": 200,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50713,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:31.806438+0000",
"uri": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50713,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:32.178861+0000",
"uri": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 807914,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50715,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:37.303547+0000",
"uri": "/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50716,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:37.668266+0000",
"uri": "/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
},
{
"srcport": 50722,
"srcip": "192.168.1.100",
"dstport": 80,
"dstip": "176.99.136.153",
"timestamp": "2026-03-05 12:08:42.131130+0000",
"uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
"length": 2,
"hostname": "176.99.136.153",
"status": 206,
"http_method": "GET",
"contenttype": "application/octet-stream",
"ua": "Microsoft-Delivery-Optimization/10.0",
"referrer": null
}
],
"dns": [],
"ssh": [],
"fileinfo": [],
"eve_log_full_path": "/opt/CAPEv2/storage/analyses/7/logs/eve.json",
"alert_log_full_path": null,
"tls_log_full_path": null,
"http_log_full_path": null,
"file_log_full_path": null,
"ssh_log_full_path": null,
"dns_log_full_path": null
},
"url_analysis": {},
"procmemory": [],
"signatures": [
{
"name": "dead_connect",
"description": "Attempts to connect to a dead IP:Port (1 unique times)",
"categories": [
"network"
],
"severity": 1,
"weight": 0,
"confidence": 100,
"references": [],
"data": [
{
"type": "call",
"pid": 4596,
"cid": 294
},
{
"type": "call",
"pid": 4596,
"cid": 343
},
{
"type": "call",
"pid": 4596,
"cid": 385
},
{
"type": "call",
"pid": 4596,
"cid": 464
},
{
"type": "call",
"pid": 4596,
"cid": 505
},
{
"type": "call",
"pid": 4596,
"cid": 563
},
{
"type": "call",
"pid": 4596,
"cid": 606
},
{
"type": "call",
"pid": 4596,
"cid": 643
},
{
"type": "call",
"pid": 4596,
"cid": 689
},
{
"type": "call",
"pid": 4596,
"cid": 745
},
{
"type": "call",
"pid": 4596,
"cid": 783
},
{
"type": "call",
"pid": 4596,
"cid": 828
},
{
"type": "call",
"pid": 4596,
"cid": 880
},
{
"type": "call",
"pid": 4596,
"cid": 925
},
{
"type": "call",
"pid": 4596,
"cid": 971
},
{
"type": "call",
"pid": 4596,
"cid": 1017
},
{
"type": "call",
"pid": 4596,
"cid": 1068
},
{
"type": "call",
"pid": 4596,
"cid": 1119
},
{
"type": "call",
"pid": 4596,
"cid": 1160
},
{
"type": "call",
"pid": 4596,
"cid": 1214
},
{
"type": "call",
"pid": 4596,
"cid": 1268
},
{
"type": "call",
"pid": 4596,
"cid": 1313
},
{
"type": "call",
"pid": 4596,
"cid": 1359
},
{
"type": "call",
"pid": 4596,
"cid": 1414
},
{
"type": "call",
"pid": 4596,
"cid": 1459
},
{
"type": "call",
"pid": 4596,
"cid": 1505
},
{
"type": "call",
"pid": 4596,
"cid": 1556
},
{
"type": "call",
"pid": 4596,
"cid": 1598
},
{
"type": "call",
"pid": 4596,
"cid": 1643
},
{
"type": "call",
"pid": 4596,
"cid": 1690
},
{
"IP": "217.19.4.252:80 (unknown)"
}
],
"new_data": [],
"alert": false,
"families": []
},
{
"name": "antidebug_setunhandledexceptionfilter",
"description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
"categories": [
"anti-debug"
],
"severity": 1,
"weight": 1,
"confidence": 40,
"references": [],
"data": [
{
"type": "call",
"pid": 4596,
"cid": 11
}
],
"new_data": [],
"alert": false,
"families": []
},
{
"name": "language_check_registry",
"description": "Checks system language via registry key (possible geofencing)",
"categories": [
"location_discovery",
"geofence"
],
"severity": 1,
"weight": 1,
"confidence": 100,
"references": [],
"data": [
{
"regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
},
{
"regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
}
],
"new_data": [],
"alert": false,
"families": []
},
{
"name": "antisandbox_sleep",
"description": "A process attempted to delay the analysis task.",
"categories": [
"anti-sandbox"
],
"severity": 2,
"weight": 4,
"confidence": 100,
"references": [],
"data": [
{
"type": "call",
"pid": 4596,
"cid": 147
},
{
"type": "call",
"pid": 4596,
"cid": 210
},
{
"type": "call",
"pid": 4596,
"cid": 296
},
{
"type": "call",
"pid": 4596,
"cid": 307
},
{
"type": "call",
"pid": 4596,
"cid": 344
},
{
"type": "call",
"pid": 4596,
"cid": 346
},
{
"type": "call",
"pid": 4596,
"cid": 388
},
{
"type": "call",
"pid": 4596,
"cid": 396
},
{
"type": "call",
"pid": 4596,
"cid": 397
},
{
"type": "call",
"pid": 4596,
"cid": 424
},
{
"type": "call",
"pid": 4596,
"cid": 427
},
{
"type": "call",
"pid": 4596,
"cid": 465
},
{
"type": "call",
"pid": 4596,
"cid": 468
},
{
"type": "call",
"pid": 4596,
"cid": 507
},
{
"type": "call",
"pid": 4596,
"cid": 519
},
{
"type": "call",
"pid": 4596,
"cid": 520
},
{
"type": "call",
"pid": 4596,
"cid": 529
},
{
"type": "call",
"pid": 4596,
"cid": 530
},
{
"type": "call",
"pid": 4596,
"cid": 532
},
{
"type": "call",
"pid": 4596,
"cid": 565
},
{
"type": "call",
"pid": 4596,
"cid": 607
},
{
"type": "call",
"pid": 4596,
"cid": 613
},
{
"type": "call",
"pid": 4596,
"cid": 651
},
{
"type": "call",
"pid": 4596,
"cid": 661
},
{
"type": "call",
"pid": 4596,
"cid": 662
},
{
"type": "call",
"pid": 4596,
"cid": 694
},
{
"type": "call",
"pid": 4596,
"cid": 696
},
{
"type": "call",
"pid": 4596,
"cid": 714
},
{
"type": "call",
"pid": 4596,
"cid": 746
},
{
"type": "call",
"pid": 4596,
"cid": 750
},
{
"type": "call",
"pid": 4596,
"cid": 791
},
{
"type": "call",
"pid": 4596,
"cid": 801
},
{
"type": "call",
"pid": 4596,
"cid": 802
},
{
"type": "call",
"pid": 4596,
"cid": 833
},
{
"type": "call",
"pid": 4596,
"cid": 836
},
{
"type": "call",
"pid": 4596,
"cid": 887
},
{
"type": "call",
"pid": 4596,
"cid": 895
},
{
"type": "call",
"pid": 4596,
"cid": 932
},
{
"type": "call",
"pid": 4596,
"cid": 942
},
{
"type": "call",
"pid": 4596,
"cid": 943
},
{
"type": "call",
"pid": 4596,
"cid": 944
},
{
"type": "call",
"pid": 4596,
"cid": 945
},
{
"type": "call",
"pid": 4596,
"cid": 972
},
{
"type": "call",
"pid": 4596,
"cid": 979
},
{
"type": "call",
"pid": 4596,
"cid": 1023
},
{
"type": "call",
"pid": 4596,
"cid": 1038
},
{
"type": "call",
"pid": 4596,
"cid": 1078
},
{
"type": "call",
"pid": 4596,
"cid": 1086
},
{
"type": "call",
"pid": 4596,
"cid": 1089
},
{
"type": "call",
"pid": 4596,
"cid": 1120
},
{
"type": "call",
"pid": 4596,
"cid": 1122
},
{
"type": "call",
"pid": 4596,
"cid": 1167
},
{
"type": "call",
"pid": 4596,
"cid": 1217
},
{
"type": "call",
"pid": 4596,
"cid": 1219
},
{
"type": "call",
"pid": 4596,
"cid": 1235
},
{
"type": "call",
"pid": 4596,
"cid": 1238
},
{
"type": "call",
"pid": 4596,
"cid": 1275
},
{
"type": "call",
"pid": 4596,
"cid": 1283
},
{
"type": "call",
"pid": 4596,
"cid": 1324
},
{
"type": "call",
"pid": 4596,
"cid": 1362
},
{
"type": "call",
"pid": 4596,
"cid": 1380
},
{
"type": "call",
"pid": 4596,
"cid": 1383
},
{
"type": "call",
"pid": 4596,
"cid": 1384
},
{
"type": "call",
"pid": 4596,
"cid": 1385
},
{
"type": "call",
"pid": 4596,
"cid": 1422
},
{
"type": "call",
"pid": 4596,
"cid": 1429
},
{
"type": "call",
"pid": 4596,
"cid": 1469
},
{
"type": "call",
"pid": 4596,
"cid": 1508
},
{
"type": "call",
"pid": 4596,
"cid": 1510
},
{
"type": "call",
"pid": 4596,
"cid": 1526
},
{
"type": "call",
"pid": 4596,
"cid": 1529
},
{
"type": "call",
"pid": 4596,
"cid": 1559
},
{
"type": "call",
"pid": 4596,
"cid": 1599
},
{
"type": "call",
"pid": 4596,
"cid": 1608
},
{
"type": "call",
"pid": 4596,
"cid": 1616
},
{
"type": "call",
"pid": 4596,
"cid": 1646
},
{
"type": "call",
"pid": 4596,
"cid": 1653
},
{
"type": "call",
"pid": 4596,
"cid": 1661
},
{
"type": "call",
"pid": 4596,
"cid": 1664
},
{
"type": "call",
"pid": 4596,
"cid": 1698
},
{
"note": "rundll32.exe tried to sleep 504.25 seconds, actually delayed analysis time by 0.0 seconds"
}
],
"new_data": [],
"alert": false,
"families": []
},
{
"name": "antianalysis_tls_section",
"description": "Contains .tls (Thread Local Storage) section",
"categories": [
"anti-analysis"
],
"severity": 2,
"weight": 1,
"confidence": 100,
"references": [],
"data": [
{
"section": {
"name": ".tls",
"raw_address": "0x0009ea00",
"virtual_address": "0x000a4000",
"virtual_size": "0x00000181",
"size_of_data": "0x00000200",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
"characteristics_raw": "0xc0000040",
"entropy": "0.02"
}
}
],
"new_data": [],
"alert": false,
"families": []
},
{
"name": "network_cnc_http",
"description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
"categories": [
"network",
"c2"
],
"severity": 2,
"weight": 1,
"confidence": 30,
"references": [],
"data": [
{
"ip_hostname": "HTTP connection was made to an IP address rather than domain name"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
}
],
"new_data": [],
"alert": false,
"families": []
},
{
"name": "network_http",
"description": "Performs some HTTP requests",
"categories": [
"network"
],
"severity": 2,
"weight": 1,
"confidence": 30,
"references": [],
"data": [
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
}
],
"new_data": [],
"alert": false,
"families": []
},
{
"name": "packer_unknown_pe_section_name",
"description": "The binary contains an unknown PE section name indicative of packing",
"categories": [
"packer"
],
"severity": 2,
"weight": 1,
"confidence": 100,
"references": [],
"data": [
{
"unknown section": {
"name": ".gxfg",
"raw_address": "0x0009ca00",
"virtual_address": "0x000a2000",
"virtual_size": "0x00001fe0",
"size_of_data": "0x00002000",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
"characteristics_raw": "0x40000040",
"entropy": "5.17"
}
},
{
"unknown section": {
"name": "_RDATA",
"raw_address": "0x0009ec00",
"virtual_address": "0x000a5000",
"virtual_size": "0x000001f4",
"size_of_data": "0x00000200",
"characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
"characteristics_raw": "0x40000040",
"entropy": "4.24"
}
}
],
"new_data": [],
"alert": false,
"families": []
},
{
"name": "packer_entropy",
"description": "The binary likely contains encrypted or compressed data",
"categories": [
"packer"
],
"severity": 2,
"weight": 1,
"confidence": 100,
"references": [
"http://www.forensickb.com/2013/03/file-entropy-explained.html",
"http://virii.es/U/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
],
"data": [
{
"section": {
"name": ".text",
"raw_address": "0x00000400",
"virtual_address": "0x00001000",
"virtual_size": "0x00082fc6",
"size_of_data": "0x00083000",
"characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
"characteristics_raw": "0x60000020",
"entropy": "6.83"
}
}
],
"new_data": [],
"alert": false,
"families": []
},
{
"name": "binary_yara",
"description": "Binary file triggered multiple YARA rules",
"categories": [
"static"
],
"severity": 3,
"weight": 1,
"confidence": 80,
"references": [],
"data": [
{
"Binary triggered YARA rule": "IsPE64"
},
{
"Binary triggered YARA rule": "IsDLL"
},
{
"Binary triggered YARA rule": "IsWindowsGUI"
}
],
"new_data": [],
"alert": false,
"families": []
},
{
"name": "network_questionable_http_path",
"description": "Makes a suspicious HTTP request to a commonly exploitable directory with questionable file ext",
"categories": [
"network"
],
"severity": 3,
"weight": 1,
"confidence": 100,
"references": [],
"data": [
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
},
{
"url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772721235&P2=404&P3=2&P4=LfxN9Q0OY7czI3HFBY%2bb0tY3I8JfdaSwARX910pKlhMNuLJRWMC0p%2b0pJOh8cD3NRKabGjI10rMwBuUKbbT%2fkA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
}
],
"new_data": [],
"alert": false,
"families": []
}
],
"malscore": 7.0,
"ttps": [
{
"signature": "antianalysis_tls_section",
"ttps": [
"T1055"
],
"mbcs": [
"B0002",
"B0003",
"E1055"
]
},
{
"signature": "network_cnc_http",
"ttps": [
"T1071"
],
"mbcs": [
"OB0004",
"B0033",
"OC0006",
"C0002"
]
},
{
"signature": "network_http",
"ttps": [
"T1071"
],
"mbcs": [
"OC0006",
"C0002"
]
},
{
"signature": "network_questionable_http_path",
"ttps": [
"T1071"
],
"mbcs": [
"OC0006",
"C0002"
]
},
{
"signature": "packer_unknown_pe_section_name",
"ttps": [
"T1027.002",
"T1027"
],
"mbcs": [
"OB0001",
"OB0002",
"OB0006",
"F0001"
]
},
{
"signature": "packer_entropy",
"ttps": [
"T1027.002",
"T1027"
],
"mbcs": [
"OB0001",
"OB0002",
"OB0006",
"F0001"
]
}
],
"malstatus": "Malicious"
}